Privacy Statement
Privacy Statement for Munro and Partners Occupational Therapy Inc.
Introduction
This Privacy Policy applies to the above practice and all locations at which it operates. The practice recognises and respects the right to privacy and dignity of all persons including its clients, patients, Third Parties, website visitors and users (“you”). When you interact through any means (telephonic, email, website or any other digital portal as used for notes etc), all personal information will be treated as confidential and protected from unauthorised use, access, loss, or damage. This Privacy Policy governs the way the practice treats your personal information and is designed to help you understand how personal information is collected, used, stored, and shared when you visit/access our website and/or use any products and services. If you do not agree to the terms of this Privacy Policy, you may choose not to use the website, and/or products and services and not submit any personal information. This Privacy Notice and Consent forms part of our Terms and Conditions of Use and such shall be governed by and construed in accordance with the laws of South Africa. This Notice explains how we obtain, use and disclose your personal information, as is required by the Protection of Personal Information Act, 2013 (POPI Act). At Munro and Partners Occupational Therapy Inc. we are committed to protecting your privacy impact and to ensure that your Personal Information is collected and used properly, lawfully and openly.
What is Personal Information?
According to the POPI Act ‘‘Personal Information’’ means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person. The POPI Act, which has more specific examples if you need them, can be found at the following link: www.gov.za/documents/download.php?f=204368.
Personal information means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to:
- information relating to the race, gender, sex, pregnancy, marital status, national, ethnic, or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language, and birth of the person;
- information relating to the education or the medical, financial, criminal or employment history of the person;
- any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier, or other particular assignment to the person;
- the biometric information of the person;
- the personal opinions, views, or preferences of the person;
- correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence; g. the views or opinions of another individual about the person; and
- the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.
What Personal and Non-Personal Information is collected?
When you visit, browse, or interact through the practice website or any digital portal the practice may make use of, the following personal information about you may be collected:
- Name and Surname,
- ID/Passport Number,
- Contact details,
- Email address,
- Location,
- Health information,
- Information relating to your computer’s Internet Protocol (IP) address,
- browser type, browser version,
- the pages of our website that you visit, the date and time of your visit, the duration of time spent on the website pages, and
- other applicable statistics.
Personal information may also be collected from you directly during your use of the practice for therapy appointments.
Where the law requires that information regarding certain diseases be notified to the authorities, the practice will do so without delay. The practice may also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal information, but is not considered personal information in law as this information does not, directly, or indirectly, reveal your identity.
We collect and process your Personal Information mainly to provide you with access to our services and products, to help us improve our offerings to you, to support our contractual relationship with you and for certain other purposes explained below. The type of information we collect will depend on the purpose for which it is collected and used. We will only collect information that we need for that purpose.
We collect information directly from you where you provide us with your personal details, for example when you attend therapy, or when you submit enquiries to us or contact us. Where possible, we will inform you what information you are required to provide to us and what information is optional.
Purposes for which the practice uses your Personal Information
We will use your Personal and Non-Personal Information only for the purposes for which it was collected or agreed with you. Any information collected from you may be processed for, amongst others, the following purposes:
- To provide you with therapy services;
- To make an online appointment;
- To assess any medical treatment you may require;
- To process your accounts or any other enquiry;
- For audit and record-keeping purposes
- In connection with legal proceedings
- To confirm and verify your identity or to verify that you are an authorised customer for security purposes
- For statistical and research purposes;
- To diagnose and attend to technical issues, support and user queries, as well as to determine the optimal and fastest route for your device to use;
- To comply with legislative requirements;
- To process your application for a vacancy; or
- To detect, prevent or deal with actual or alleged fraud, security breach, or the abuse, misuse or unauthorised use of the website and/or contravention of this Privacy Policy.
- To notify you about changes to our service
- To respond to your queries or comments
- We will also use your Personal Information to comply with legal and regulatory requirements or industry codes to which we subscribe or which apply to us, or when it is otherwise allowed by law.
- Where we collect Personal Information for a specific purpose, we will not keep it for longer than is necessary to fulfil that purpose, unless we must keep it for legitimate business or legal reasons. In order to protect information from accidental or malicious destruction, when we delete information from our services, we may not immediately delete residual copies from our servers or remove information from our backup systems.
- You can opt-out of receiving communications from us at any time. Any direct marketing communications that we send to you will provide you with the information and means necessary to opt-out.
Categories of Personal Information
The practice processes many different categories of personal information including, but not limited to:
- Contact details, such as phone numbers, physical and postal addresses, and email addresses;
- Personal details, such as names, family information, and ages;
- Demographic details, such as race and age groups;
- Health information;
- Biometric information;
- Financial information, such as account numbers; Credit information;
- Special personal information as it may relate to your medical treatment;
- Medical scheme information; and
- Background information.
Protection of your Personal Information
The practice takes the security of your personal information very seriously. The practice recognises the vital role that information technology plays in its daily operations, and the reliance placed on IT systems in processing personal information. Although absolute security cannot be guaranteed, the practice will take reasonable technical and organisational measures to protect your personal information against accidental, unauthorised, or intentional manipulation, loss, misuse, destruction, disclosure, or access. Reasonable mechanisms, tools and technologies have been implemented to detect, prevent, and respond to security violations. Information security policies and procedures that govern security safeguards are in place, including processes to govern instances of non-compliance with privacy policies, procedures, or applicable law.
Disclosure of your Personal Information
The practice may disclose your personal information if authorised to do so by law. The practice also engages with various third parties, to improve its service, create efficiency in its operations, and contribute towards the overall well-being of users and patients.
The practice will share your personal information if:
- you have provided consent;
- it is for the proper treatment and care of yourself; and/or
- it is in accordance with applicable law.
When the practice shares your information with any third party, they will be required to respect your right to privacy. The practice will only allow third parties to process your personal information for a specific purpose, in accordance with the practice’s instructions and applicable law.
Retention of your Personal Information
The practice may retain all personal information that is collected from you, as long as it remains necessary for the purposes for which it was collected unless there is a valid technical, legal, or business reason for it to be deleted, destroyed or to de-identify it. Patient medical records will be archived by the practice as defined by the HPCSA. Records remain active whilst a patient is involved in active therapy. On discharge, the record becomes inactive, and shall only be made available in accordance with the Promotion to Access of Information Act 2 of 2000. The practice may keep some of your personal information: for as long as it is required by law; if it is required by a code of conduct; if it is reasonably needed for lawful purposes related to the practice’s functions and activities; or if it is reasonably needed for evidentiary purposes.
Direct Marketing
The practice does not use data for marketing purposes, however, to ensure continuous improvement of the care and service offering, patients may be asked to complete service experience questionnaires.
Storage and transfer of your Personal Information
The practice stores your personal information on its servers and/or on third-party servers. The practice reserves the right to transfer to and/or store your personal information on servers in a jurisdiction other than where it was collected. The practice will take reasonably practicable steps to ensure that your personal information is adequately protected in that jurisdiction.
Cookies
The practice uses Cookies to understand your online activity and save your preference for future visits. A cookie is a small piece of data sent from our website to your computer or device or internet browser where it is saved. The cookie contains information to personalize your experience on the Practice website and applications. The cookie can identify your device, computer, or smartphone. By using the practice website and applications you agree that cookies may be forwarded from the relevant website or application to your computer or device. The practice may use the cookie to confirm that you visited the website. You have the right to choose whether or not to accept cookies. However, please note that if you do not accept the cookies, you may not be able to use the full functionality of the website or mobile applications.
We use the term “cookies” to refer to cookies and other similar technologies covered by the POPI Act on privacy in electronic communications.
- What is a cookie?
Cookies are small data files that your browser places on your computer or device. Cookies help your browser navigate a website and the cookies themselves cannot collect any information stored on your computer or your files. When a server uses a web browser to read cookies, they can help a website deliver a more user-friendly service. To protect your privacy, your browser only gives a website access to the cookies it has already sent to you.
- Why do we use cookies?
We use cookies to learn more about the way you interact with our content and help us to improve your experience when visiting our website. Cookies remember the type of browser you use and which additional browser software you have installed. They also remember your preferences, such as language and region, which remain as your default settings when you revisit the website. Cookies also allow you to rate pages and fill in comment forms. Some of the cookies we use are session cookies and only last until you close your browser, others are persistent cookies that are stored on your computer for longer.
- How are third party cookies used?
For some of the functions within our website, we use third party suppliers, for example, when you visit a page with videos embedded from or links to YouTube. These videos or links (and any other content from third party suppliers) may contain third party cookies and you may wish to consult the policies of these third-party websites for information regarding their use of cookies.
- How do I reject and delete cookies?
We will not use cookies to collect personally identifiable information about you. However, should you wish to do so, you can choose to reject or block the cookies set by the websites of any third-party suppliers by changing your browser settings – see the Help function within your browser for further details. Please note that most browsers automatically accept cookies so if you do not wish cookies to be used you may need to actively delete or block the cookies.
You can also visit www.allaboutcookies.org for details on how to delete or reject cookies and for further information on cookies generally. For information on the use of cookies in mobile phone browsers and for details on how to reject or delete such cookies, please refer to your handset manual. Note, however, that if you reject the use of cookies, you will still be able to visit our websites but some of the functions may not work correctly.
Other websites linked to this site
When you interact with the practice website, you may come across links to other websites and applications. The practice is not responsible for the security of those websites, or the information that it contains. In some cases, links are provided as a value-added service for information purposes only. Please remember that when you click on a link on the practice website and you are taken to another web page or website or application that this Privacy Policy will no longer apply. You also acknowledge that by clicking on a link, that you do so at your own risk and hold the practice harmless against any loss or damage that may occur.
Processing of Children’s Information
The practice respects the rights of children and will only process the personal information of children if the consent of a competent person has been obtained, or if required to do so by law.
Purpose Statement
Your personal information, as well as your health records, will be exchanged with your other healthcare providers and/or your medical schemes (while complying with applicable privacy and data protection legislation) via the appropriate means: to improve patients’ treatment and healthcare outcomes by sharing clinical information in a secured way among healthcare professionals and healthcare service providers; through the sharing of clinical information in a secured way among healthcare professionals; and to improve the quality, safety and efficiency of the healthcare a patient receives through an increased administrative and clinical information interchange process whilst still protecting consumer privacy.
When you are registered as a patient at the practice, the practice will first request your consent to process your personal information before it is shared with any healthcare provider or medical scheme.
Changes to this Privacy Policy
From time to time, changes will be required to this Privacy Policy. Please check this website to inform yourself of any changes made to this Privacy Policy.
Your Rights
The practice will, process your personal information in accordance with applicable laws and your rights are set out below:
- You have the right to correct your personal information if it is incorrect (We will take all reasonable steps to confirm your identity before making changes to the Personal Information we may hold about you. We would appreciate it if you would take the necessary steps to keep your Personal Information accurate and up-to-date by notifying us of any changes, we need to be aware of.
- You have the right to update your personal information if your details have changed;
- You have the right to object to the processing of your personal information; (POPI Act section 18. (h) (iv) as referred to in section 11(3) of the POPIA)
- You have the right to your personal information being deleted (the practice does not make use of Automated Decision Making in connection with your personal data); and
- You have the right to be informed if your information has been deleted.
- You have the right to request a copy of the Personal Information we hold about you. To do this, simply contact us at the numbers/addresses listed on our home page and specify what information you would like. We will take all reasonable steps to confirm your identity before providing details of your personal information.
If you would like to exercise any of your rights: Complete the relevant forms (available from the practice) to: submit any objection that you may have; or to request for any correction, deletion, or destruction of your personal information.
You acknowledge that, in some cases, the practice may not be able to comply with your request to delete or destroy your personal information if this request conflicts with applicable law.
Information Regulator
You have the right to complain to the Information Regulator, whose contact details are: Information Regulator Tel: (012) 406 4848 Fax: 086 500 3351 Email: Inforeg@justice.gov.za
33 Hoofd Street
Forum III, 3rd Floor Braampark
P.O Box 31533
Braamfontein, Johannesburg, 2017
Mr Marks Thibela
Chief Executive Officer
Tel No. +27 (0) 10 023 5207, Cell No. +27 (0) 82 746 4173
Email inforeg@justice.gov.za
Important Information
If you have any queries about this notice or believe we have not adhered to it, or need further information about our privacy practices or wish to give or withdraw consent, exercise preferences or access or correct your personal information, please contact us at the numbers/addresses listed on our website: www.rehabhands.co.za (practice administrator) for Munro and Partners Occupational Therapy Inc.
Upon clicking the link to this policy and or continuing on this website, we accept that:
- You have read the contents of this policy;
- You understood the contents of this policy;
- You agree with the contents of this policy;
- You have no objections to your personal information being managed in this way by the practice; and
- That you have no questions regarding the contents of this policy.
Information Officer
Ms L Munro
Norwich Close, Sandton
admin@rehabhands.co.za
References
- The Constitution of the Republic of South Africa, 1996 (Act No 108 of 1996)
- The Children’s Act No 38 of 2005
- The Choice of Termination of Pregnancy Act No 92 of 1996.
- The Electronic Communications and Transactions Act No 25 of 2002
- The Medical Schemes Act No 131 of 1998
- The Mental Health Care Act No 17 of 2002 vii. The National Health Act No 61 of 2003
- The Promotion of Access to Information Act No 2 of 2000
- The Protection of personal information Act No 4 of 2013