About heartbeat OS

The platform “heartbeat OS” supports clinics in conducting digital surveys with their patients. If you are a patient who has accessed this page in connection with a request from your clinic to complete a survey, or if you are a doctor working at a partner clinic and have been asked to create a user account, your clinic will be happy to answer any questions you may have regarding the survey.

This privacy notice provides you with all legally required information about how your personal data is handled when using the heartbeat OS software. It is intended for patients as well as for doctors who create an account in the patient portal in order to register patients there.

Who is responsible for data processing?

The clinic where you are receiving treatment is the entity responsible for processing your data under the General Data Protection Regulation (GDPR). You can find the contact details in your treatment agreement or request them from your clinic. The clinic is also required to provide you with the contact information of its Data Protection Officer.

HRTBT Medical Solutions GmbH acts as a technical service provider and data processor on behalf of the treating clinic under a contractual agreement. In this capacity, HRTBT Medical Solutions GmbH provides the heartbeat OS platform.

What data is being processed?

For patients:

The personal data processed are those entered into the software by you or your treating clinic. This includes the following data:

Basic data: title, last name, first name, date of birth, gender, street, house number, address addition, postal code, insurance status, insurance provider, city, country, telephone, mobile number, email address.

Case-related data: this includes the respective patient surveys, which are selected by the treating doctors depending on the medical specialty and indication.

Medical data: within the patient surveys, the system also allows the optional recording of additional parameters from a medical perspective. The extent of this supplementary medical documentation is determined by the treating doctors depending on the specialty and indication.

For doctors:

To create a user account in heartbeat OS, you need to provide certain information. This includes your name, email address, your position at the partner clinic, your access level in heartbeat OS, and a password that you choose to secure your account.

How is your personal data processed?

For patients:

Your personal data and information about your health are stored in the software to monitor changes and to generally ensure the quality of care in healthcare.

For doctors:

The data you provide when creating your user account are stored to ensure secure login exclusively for authorized users.

Automated decision-making is not conducted.

What are the purposes of processing your personal data?

For patients:

In general, the processing of your data is based on legal regulations that allow your clinic to process personal data (including health data) for the purposes of medical diagnosis and treatment or to ensure high-quality standards in healthcare (Art. 9(2)(h) and (i) GDPR in conjunction with § 22(1) Nos. 1(b) and (c) BDSG), or based on your consent (Art. 9(2)(a) GDPR).

For these purposes, your clinic uses us, HRTBT Medical Solutions GmbH, as its technical service provider. HRTBT Medical Solutions GmbH is therefore authorized as a data processor to process data only according to instructions. All patient-identifiable data are stored fully encrypted (AES-256 bit), and all data transmissions are encrypted (TLS 1.2).

For doctors:

By registering a user account in the patient portal and providing the required information, you agree to the processing described above for the purpose of ensuring that only authorized users can access the patient portal.

If you have any questions or concerns regarding your consent, please contact the partner clinic with which you have an employment contract.

What are your rights concerning the processing of your personal data?

You can assert the following rights against the clinic treating you:

  • a right to information about the data processed about you,
  • a right to correction,
  • a right to deletion and
  • a right to transferability of your personal data, as well as
  • a right to restrict the processing of your personal data.

You also have the right to lodge a complaint with a supervisory authority. If there are reasons arising from your particular personal situation, you have the right to object to the processing under certain conditions.

Furthermore, you may withdraw your consent to the processing of your personal data at any time with effect for the future. If you exercise this right, further processing of your data on the basis of consent will no longer be possible in the future. This applies expressly only to processing operations based on your consent.

To whom are your personal data transferred?

We work with the following data centre providers to operate our heartbeat OS software:

  • T-Systems International GmbH, Hahnstraße 43d, 60528 Frankfurt am Main, server hosting in Biere
  • T-Systems Schweiz AG, Industriestrasse 21, CH-3052 Zollikofen, server hosting in Bern (for Swiss users)
  • Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855, Luxembourg, server hosting in Frankfurt am Main.

In addition, we use third-party service providers to operate our heartbeat OS software, who may have access to data processed in the software in pseudonymised form only. Only the following personal system usage data is transmitted to third-party service providers:

  • Pseudonymised user IDs,
  • User geolocation data,
  • ID and details of the device used to access the site,
  • Connections to an organisation,
  • Access authorisations

Third-party service providers used by HRTBT Medical Solutions GmbH at the time of writing this privacy policy are:

  • Smartlook.com, s.r.o., Sumavska 524/31, 602 00 Brno, Czechia
  • Honeycomb i.o., 548 Market St 25362, San Francisco, CA, USA
  • Ory Corp, 132-A Veterans Lane, Doylestown, PA, USA 18901, represented by Ory Systems GmbH, Schloßschmidtstraße 5, 80639 Munich

Will your personal data be transferred to countries outside the EU/EEA?

No unencrypted personal data are transferred to third party countries. Only the system usage data listed above are shared in pseudonymized form with selected service providers, some of which may be located in third party countries. HRTBT Medical Solutions GmbH has ensured that all third-party service providers comply with the security measures required by the GDPR before their use.

How long will your personal data be stored?

The collected data are deleted from all systems by the partner clinics after the applicable retention periods have expired. If a clinic intends to continue processing the data beyond this period, it will obtain a separate informed consent from the patient(s).

If a patient withdraws their consent to data processing under Art. 17 GDPR before the end of the collection period, the relevant data will be deleted by the medical staff, and no further data will be collected. Deletion of already processed data is not provided in accordance with § 35 BDSG, as doing so would involve a disproportionately high effort.