Protection of Personal Information Policy
Dr. Megan van der Merwe Family Chiropractor
The right to privacy is well established in the South African Constitution which states that everyone has the right to privacy. The Protection of Personal Information Act No. 4 of 2013 (“POPIA”) is aimed at facilitating the protection of this important right.
In terms of POPIA, Dr. Megan van der Merwe Family Chiropractor qualifies as a “Responsible Party” that “Processes” “Personal Information” for “Data Subjects” (i.e. you as the patient). Therefore we are required to inform you how we use, disclose and destroy the Personal Information we obtain from you.
We are committed to protecting your privacy and will ensure that your Personal Information is used appropriately, transparently, and according to the applicable laws of the Republic of South Africa.
We will not use your personal information for any purposes not mentioned in this Policy without your consent, which consent shall be obtained by approving and signing the Informed Consent Form for Assessment and Treatment.
POPIA sets out 8 conditions with which we must comply in order to ensure lawful processing of your Personal Information:
- Accountability – the responsible party must ensure that the conditions and all the measures set out in the POPIA that give effect to such conditions are complied with at the time of determining the purpose and means of the processing;
- Processing Limitation – Personal information may only be processed in a fair and lawful manner and only with the consent of the data subject;
- Purpose Specific – Personal information may only be processed for specific, explicitly defined, and legitimate reasons;
- Further Processing Limitation – Personal information may not be processed for a secondary purpose unless that processing is compatible with the original purpose;
- Information Quality – the responsible party must take reasonable steps to ensure that the personal information collected is complete, accurate, not misleading, and updated where necessary;
- Openness – the data subject whose information you are collecting must be aware that you are collecting such personal information and for what purpose the information will be used;
- Security Safeguards – Personal information must be kept secure against the risk of loss, unlawful access, interference, modification, unauthorized destruction, and disclosure;
- Data Subject Participation – Data subjects may ask whether their personal information is held, and may request the correction and/or deletion of any personal information held about them.
WHAT INFORMATION DO WE COLLECT
The type of information we collect will depend on the need for which it is collected and will be processed for that specific purpose only. Where possible, we will inform you what information you are required to provide to us and what information is optional.
In terms of POPIA, the Personal Information we may collect relates to any information of a natural person or juristic person (including Companies, Close Corporations, or any other juristic entity), which includes, but is not limited to the following:
– Personal information is collected either voluntarily or via third-party processors.
– Voluntarily: We are able to collect personal information that you voluntarily give us via email, telephone, or other direct contact from you.
– We may collect, use and store the following personal information pertaining to you:
o Identifying particulars – Identification numbers.
o Contact information – Telephone numbers, residential and postal addresses as well as e-mail addresses.
o Medical aid details pertaining to the patient.
o Information and details given during consultations.
– Third Parties: Information may be collected about you via our trusted third-party sources.
o This includes medical records, medical history, pathology, and radiology or from medical aids on request with consent from the patient.
We confirm that we shall only collect Personal Information required for a specific purpose, and we shall apply reasonable security measures to protect it and ensure it is relevant and up to date.
We will not retain your Personal Information for longer than is necessary to achieve the purpose for which we collected it unless there is a lawful basis or legal requirement for us to retain your Personal Information for a longer period.
HOW WE USE YOUR PERSONAL INFORMATION
We will use your Personal Information only for the purposes for which it was collected and agreed to with you. This may include:
– The use of your personal information is only done as the law allows us to. Your personal information is used most commonly in the following circumstances:
o To take steps to enter a contract with you.
o To comply with relevant legal obligations.
o For our interests (or those of a third party), where your interests and fundamental rights do not override those interests.
o You have consented to the above.
– Personal information can also be used in the following situations:
o Where your interests or someone else’s interests need to be protected.
o Where it is needed in the public interest or for official purposes.
o To provide health services to patients (on-going treatments and diagnosis)
o Administration, processing, and claiming of payments for services rendered including invoices/statements (financial records pertaining to the practice).
o Reporting to persons and bodies as required and authorized in terms of law of data subjects (legal matters, other healthcare professionals, research, and education).
o For appointment reminders via SMS or e-mail.
o We only collect personal information for specific, explicitly defined, and lawful purposes of conducting our business.
DISCLOSURE OF YOUR PERSONAL INFORMATION
Where necessary, we may disclose your Personal Information to our third-party service providers (i.e. IT, Accounting, Data Service Providers, etc.), and we shall ensure that our service providers take appropriate, reasonable, technical, and organisational measures to keep your Personal Information secure.
We may further disclose your Personal Information where we have a duty or a right to disclose the same in terms of applicable legislation, the law, or where it may be necessary to protect your rights and interests. This may include:
– Partners and affiliated companies
– Service providers – information may be disclosed to third-party contractors, technology, and other service providers who perform tasks on behalf of us. These service providers are allowed access and use of the information only as needed subject to contractual restrictions and security measures.
– In response to legal process – to comply with the law, a legal proceeding, court order, or another legal process i.e. subpoena.
– Third parties – such as medical aids on request.
– Government – Government bodies, regulators, and any other third party necessary to meet our legal regulatory obligations.
– Professional advisors – our own professional advisors and auditors for the purpose of seeking professional advice or to meet our audit responsibilities.
SAFEGUARDING YOUR PERSONAL INFORMATION
POPIA requires us to adequately protect the Personal Information we hold about you and to avoid unauthorized access to and use of your personal information.
Our security measures will be continuously reviewed in order to ensure that your personal information remains secure.
If your Personal Information is transferred outside the Republic of South Africa to third-party service providers, we will take steps to ensure that your Personal Information receives the same level of protection as if it remained within the Republic. This will also not be done without your consent and the necessary authorization.
Dr. Megan van der Merwe Family Chiropractor has a service provider agreement in place with the Booking system that is used as well as a confidentiality agreement with the employees.
Our security policies and procedures cover:
– Physical security;
– Computer and network security;
– Password control;
– Secure filing systems;
– Controlled access to personal information.
YOUR RIGHTS TO ACCESS AND CORRECTION OF YOUR PERSONAL INFORMATION
You have the right to access the Personal Information we hold about you. You also have the right to ask us to update, correct, or delete any of your Personal Information.
As a Data Subject in terms of the POPIA Act, you do have the following rights:
– The right to be notified that:
o Your personal information is being collected;
o Your personal information has been accessed or acquired by an unauthorized person;
– Right of access:
o The right to establish whether we hold your personal information and to request access to your personal information (Request for access to a record of private body form available).
– Right to correction, destruction, or deletion:
o The right to request, where necessary, the correction, destruction, or deletion of your personal information (Request correction deletion personal information form available).
– Right to objection:
o The right to object on reasonable grounds relating to your situation to the processing of your personal information (Objection to the processing of personal information form available).
– Right with regards to automated processing:
o The right not to be subject, under certain circumstances, to a decision which is based solely on the basis of the automated processing of your personal information intended to provide a profile of you.
– The right to complain:
o The right to submit a complaint to the regulator regarding the alleged interference with the protection of personal information of any data subject or to submit a complaint to the regulator in respect of a determination of an adjudicator as; and
o To institute civil proceedings regarding the alleged interference with the protection of your personal information.
We will take all reasonable steps to confirm your identity before providing details of your Personal Information or making changes to your Personal Information.
You can contact us at the numbers or addresses listed below and request information or address any concerns:
Information Officer: Dr Megan van der Merwe
Telephone Numbers: (012) 751 6233
Postal address: 246 Lochner Road, Raslouw, Centurion, 0157
Physical address: 189 Sefako Makgatho Drive, Sinoville, Pretoria, 0182
Email address: firstname.lastname@example.org
CHANGES TO THIS POPIA POLICY
Please note that we may amend this Policy from time to time. Please check our website periodically to inform yourself of any changes. In case we do not have a website, we will inform you of material changes to this Policy.