Privacy Policy
Your privacy matters. This document explains how Gardenview Medical Centre handles your personal and health-related data in compliance with POPIA and HIPAA regulations.
Last updated: April 17, 2025
Information We Collect
We collect the following types of personal and health information to provide you with appropriate medical care and services:
- Personal identifiers: Full name, date of birth, gender, and contact details (address, phone number, email)
- Government-issued identifiers: National ID or passport number
- Financial information: Medical aid scheme membership, billing details, payment information
- Health information: Medical history, current conditions, appointment history, prescriptions, clinical notes, laboratory results, diagnostic images
- Biometric data: Height, weight, blood pressure, and other health metrics
- Patient-generated data: Health information you provide through forms, surveys, or our patient portal
- Electronic data: Information collected through our website, patient portal, and electronic communications
- Emergency contact information: Names and contact details for your designated emergency contacts
How We Collect Information
We collect your information through various channels:
- Direct collection: Information you provide during registration, consultations, and follow-up visits
- Electronic submissions: Forms completed on our website or patient portal
- Third-party healthcare providers: Information from referring physicians, specialists, or other healthcare facilities (with your consent)
- Digital interactions: Information collected through cookies and similar technologies when you use our digital services
- Medical devices: Data generated by medical devices used in your diagnosis or treatment
How We Use Your Information
We collect your data for the following purposes:
- Core healthcare services: Diagnosing conditions, creating treatment plans, and managing your ongoing care
- Administrative functions: Scheduling appointments, processing payments, and verifying insurance coverage
- Communication: Sending appointment reminders, follow-up care instructions, and important health information
- Service improvement: Analyzing de-identified data to improve our services and patient outcomes
- Legal obligations: Complying with healthcare regulations, mandatory reporting, and responding to legal requests
- Quality assurance: Monitoring and maintaining the quality and safety of our healthcare services
- Research: With your explicit consent, your de-identified information may be used for medical research
Legal Basis for Processing
We process your personal information based on the following legal grounds:
- Contract: Processing necessary for providing healthcare services you've requested
- Legal obligation: Processing required by law, including POPIA, HIPAA, and other healthcare regulations
- Legitimate interests: Processing for our legitimate business purposes, such as administration and service improvement
- Consent: Processing based on your explicit consent, particularly for marketing communications or participation in research
- Vital interests: Processing necessary to protect someone's life (e.g., in emergency situations)
Data Sharing with Third Parties
We do not sell or rent your data. We only share necessary information with:
- Healthcare providers: Specialists, laboratories, pharmacies, and other healthcare facilities involved in your care
- Insurance providers: Medical aid schemes and insurance companies for billing and reimbursement purposes
- Service providers: Third-party vendors who help us operate our facilities and provide services (with appropriate data protection agreements)
- Government authorities: Regulatory bodies, public health agencies, and law enforcement when legally required
- Research partners: Academic and research institutions (using de-identified data unless you've provided explicit consent)
International Data Transfers
Some of our trusted service providers may be located outside South Africa. When we transfer your information internationally, we ensure appropriate safeguards are in place in compliance with POPIA, including:
- Data transfer agreements incorporating standard contractual clauses
- Verification that the recipient country has adequate data protection laws
- Obtaining additional consent when required by law
Data Security Measures
We implement comprehensive security measures to protect your information, including:
- Technical safeguards: Encryption, firewalls, intrusion detection, and secure authentication
- Administrative controls: Staff training, access limitations, and security policies
- Physical security: Controlled facility access, secure storage, and proper disposal procedures
- Risk assessments: Regular security evaluations and vulnerability testing
- Incident response: Protocols for detecting, reporting, and addressing potential data breaches
Your Privacy Rights
Under POPIA and applicable data protection laws, you have the following rights:
- Right to access: Request a copy of your personal information we hold
- Right to rectification: Request correction of inaccurate or incomplete information
- Right to erasure: Request deletion of your data under certain conditions
- Right to restriction: Limit how we use your data in specific circumstances
- Right to data portability: Receive your data in a structured, commonly used format
- Right to object: Object to processing based on legitimate interests or for direct marketing
- Right to withdraw consent: Revoke previously given consent for data processing
- Right to complain: Lodge a complaint with the Information Regulator of South Africa
How to Exercise Your Rights
To exercise any of these rights, please contact our Data Protection Officer using the contact information provided below. We will respond to your request within 30 days. We may ask for verification of your identity before fulfilling requests.
Please note that some requests may be denied based on legal obligations to retain medical records or other legitimate grounds as specified in POPIA and healthcare regulations.
Retention Policy
We retain your personal and health information in accordance with legal requirements and best practices in healthcare:
- Adult health records: Minimum of 6 years from the last date of service
- Minor health records: Until the patient reaches 21 years of age
- Financial records: 5 years from the date of the last transaction
- Longer retention periods: May apply for legal, clinical, research, or audit purposes
After the retention period expires, records are securely destroyed or de-identified in accordance with data protection regulations.
Cookies and Online Tracking
Our website and patient portal use cookies and similar technologies to enhance your experience and collect information about how you use our digital services. These technologies may collect:
- Information about your browser, device, and IP address
- Pages you visit and features you use on our digital platforms
- How you navigate through our website and patient portal
You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of our digital services.
Children's Privacy
We collect information about children (under 18) only with the consent of a parent or legal guardian, except in emergency situations where immediate treatment is necessary. Parents or guardians have the right to access and manage their children's health information in accordance with applicable laws.
Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Material changes will be communicated to you via email, through notifications on our website, or during your next visit to our facility. We encourage you to review this policy regularly.
Contact Information
To exercise your rights, ask questions, or raise concerns about our privacy practices, please contact our Data Protection Officer:
- Legal Department
- info@gardenviewmedical.co.za
- +27 11 123 0000
Regulatory Authority
If you believe your data protection rights have been violated, you may also lodge a complaint with the Information Regulator of South Africa:
Information Regulator (South Africa)
Website: https://www.justice.gov.za/inforeg/
Email: inforeg@justice.gov.za
Acknowledgment
By providing your personal information to Gardenview Medical Centre, using our services, or accessing our digital platforms, you acknowledge that you have read and understood this Privacy Policy. If you have any questions or concerns, please contact our Data Protection Officer.