Privacy Policy


1、Personal Data


Personal data refers to information that can be used to confirm the identity of individuals when being used separately or in combination with other information. Such data might be submitted to us directly by you when you are using our websites, products or services or when you are interacting with us, or might be obtained by us through recording how you are interacting with our websites, products or services, by using techniques such as cookie. The data collected by us depends on the websites you visited or the products and services you used, and might include names, addresses, emails, and telephone numbers. Our purpose of collecting such Personal data is to get in touch with you in order to provide corresponding services or send important notices.

2、Privacy Policy

Xiamen Cardiovascular Hospital Xiamen University and its subsidiaries around the globe (hereinafter referred to as "Xiamen Heart Center", "We" or "Our" for short) really knows the importance of personal data to customers and users. For this purpose, Xiamen Heart Center attaches great Importance the protection of personal data of customers and users, and has taken a series of measures to ensure that relevant businesses comply with applicable personal data protection requirements (such as GDPR).

2.1 To ensure the effective implementation of personal data protection requirements, Xiamen Heart Center has appointed a Data Protection Officer (DPO).

2.2 Xiamen Heart Center adopts the industry-recognized personal data protection approaches and practices. In the GDPR-applicable business scenarios, Xiamen Heart Center has introduced the Data Protection Impact Assessments (DPIA) approach to evaluate and mitigate the security risks of personal data in products and services.

2.2.1 Xiamen Heart Center requires a full assessment of the personal data is involved in products and services, and projects involving the personal data must undergo DPIA;

2.2.2 Projects involving personal data must create data lists and data flow diagrams;

2.2.3 Projects involving personal data must identify possible risks in the data processing procedures (including collection, use, storage, sharing, deletion, etc.), and take corresponding measures (including administrative, physical and technical measures) according to the risk level;

2.2.4 After the implementation of the DPIA, the corresponding report must be output and approved by the DPO.

2.3 Xiamen Heart Center has implemented technical measures including IDS, access control, encryption, data leakage prevention, anti-spam, terminal security protection, vulnerability scanning, etc., and has conducted the penetration testing to verify the effectiveness of these measures.

2.4 Xiamen Heart Center has established an emergency response mechanism for personal data breaches. Once a personal data breach occurs, Xiamen Heart Center will immediately initiate an emergency response process, strive to minimize the possible losses caused by personal data breaches and ensure that the affected persons are appropriately informed.

2.5 Xiamen Heart Center has established a continuous employee privacy policy training mechanism to ensure that every employee involved in GDPR can accurately understand the legal principles of data protection based on their specific job responsibilities, and strictly implement the company's applicable systems and procedures.

2.6 To ensure compliance, Xiamen Heart Center has implemented and will continuously conduct necessary technical and process audits on personal data protection.

2.7 Xiamen Heart Center has obtained internationally recognized certifications and will continuously accept assessment such as ISO 27001, TISAX, etc..

Personal data protection is not only a legal requirement, but also a social responsibility of Xiamen Heart Center. We will continue to optimize our products and services to ensure security and privacy, and reduce the risk of personal data protection for customers and users.

3、Updates to This Policy

Xiamen Heart Center reserves the right to update or modify this policy at any time. We will release the latest Privacy Policy on this page for any changes. If major changes are made to the Privacy Policy, we may also notify you through different channels, for example, posting a notice on our website or sending a separate notice to you.