Privacy Statement for Munro and Partners Occupational Therapy Inc.
What is Personal Information?
According to the POPI Act ‘‘Personal Information’’ means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person. The POPI Act, which has more specific examples if you need them, can be found at the following link: www.gov.za/documents/download.php?f=204368.
Personal information means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to:
- information relating to the race, gender, sex, pregnancy, marital status, national, ethnic, or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language, and birth of the person;
- information relating to the education or the medical, financial, criminal or employment history of the person;
- any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier, or other particular assignment to the person;
- the biometric information of the person;
- the personal opinions, views, or preferences of the person;
- correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence; g. the views or opinions of another individual about the person; and
- the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.
What Personal and Non-Personal Information is collected?
When you visit, browse, or interact through the practice website or any digital portal the practice may make use of, the following personal information about you may be collected:
- Name and Surname,
- ID/Passport Number,
- Contact details,
- Email address,
- Health information,
- Information relating to your computer’s Internet Protocol (IP) address,
- browser type, browser version,
- the pages of our website that you visit, the date and time of your visit, the duration of time spent on the website pages, and
- other applicable statistics.
Personal information may also be collected from you directly during your use of the practice for therapy appointments.
Where the law requires that information regarding certain diseases be notified to the authorities, the practice will do so without delay. The practice may also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal information, but is not considered personal information in law as this information does not, directly, or indirectly, reveal your identity.
We collect and process your Personal Information mainly to provide you with access to our services and products, to help us improve our offerings to you, to support our contractual relationship with you and for certain other purposes explained below. The type of information we collect will depend on the purpose for which it is collected and used. We will only collect information that we need for that purpose.
We collect information directly from you where you provide us with your personal details, for example when you attend therapy, or when you submit enquiries to us or contact us. Where possible, we will inform you what information you are required to provide to us and what information is optional.
Purposes for which the practice uses your Personal Information
We will use your Personal and Non-Personal Information only for the purposes for which it was collected or agreed with you. Any information collected from you may be processed for, amongst others, the following purposes:
- To provide you with therapy services;
- To make an online appointment;
- To assess any medical treatment you may require;
- To process your accounts or any other enquiry;
- For audit and record-keeping purposes
- In connection with legal proceedings
- To confirm and verify your identity or to verify that you are an authorised customer for security purposes
- For statistical and research purposes;
- To diagnose and attend to technical issues, support and user queries, as well as to determine the optimal and fastest route for your device to use;
- To comply with legislative requirements;
- To process your application for a vacancy; or
- To notify you about changes to our service
- To respond to your queries or comments
- We will also use your Personal Information to comply with legal and regulatory requirements or industry codes to which we subscribe or which apply to us, or when it is otherwise allowed by law.
- Where we collect Personal Information for a specific purpose, we will not keep it for longer than is necessary to fulfil that purpose, unless we must keep it for legitimate business or legal reasons. In order to protect information from accidental or malicious destruction, when we delete information from our services, we may not immediately delete residual copies from our servers or remove information from our backup systems.
- You can opt-out of receiving communications from us at any time. Any direct marketing communications that we send to you will provide you with the information and means necessary to opt-out.
Categories of Personal Information
The practice processes many different categories of personal information including, but not limited to:
- Contact details, such as phone numbers, physical and postal addresses, and email addresses;
- Personal details, such as names, family information, and ages;
- Demographic details, such as race and age groups;
- Health information;
- Biometric information;
- Financial information, such as account numbers; Credit information;
- Special personal information as it may relate to your medical treatment;
- Medical scheme information; and
- Background information.
Protection of your Personal Information
The practice takes the security of your personal information very seriously. The practice recognises the vital role that information technology plays in its daily operations, and the reliance placed on IT systems in processing personal information. Although absolute security cannot be guaranteed, the practice will take reasonable technical and organisational measures to protect your personal information against accidental, unauthorised, or intentional manipulation, loss, misuse, destruction, disclosure, or access. Reasonable mechanisms, tools and technologies have been implemented to detect, prevent, and respond to security violations. Information security policies and procedures that govern security safeguards are in place, including processes to govern instances of non-compliance with privacy policies, procedures, or applicable law.
Disclosure of your Personal Information
The practice may disclose your personal information if authorised to do so by law. The practice also engages with various third parties, to improve its service, create efficiency in its operations, and contribute towards the overall well-being of users and patients.
The practice will share your personal information if:
- you have provided consent;
- it is for the proper treatment and care of yourself; and/or
- it is in accordance with applicable law.
When the practice shares your information with any third party, they will be required to respect your right to privacy. The practice will only allow third parties to process your personal information for a specific purpose, in accordance with the practice’s instructions and applicable law.
Retention of your Personal Information
The practice may retain all personal information that is collected from you, as long as it remains necessary for the purposes for which it was collected unless there is a valid technical, legal, or business reason for it to be deleted, destroyed or to de-identify it. Patient medical records will be archived by the practice as defined by the HPCSA. Records remain active whilst a patient is involved in active therapy. On discharge, the record becomes inactive, and shall only be made available in accordance with the Promotion to Access of Information Act 2 of 2000. The practice may keep some of your personal information: for as long as it is required by law; if it is required by a code of conduct; if it is reasonably needed for lawful purposes related to the practice’s functions and activities; or if it is reasonably needed for evidentiary purposes.
The practice does not use data for marketing purposes, however, to ensure continuous improvement of the care and service offering, patients may be asked to complete service experience questionnaires.
Storage and transfer of your Personal Information
The practice stores your personal information on its servers and/or on third-party servers. The practice reserves the right to transfer to and/or store your personal information on servers in a jurisdiction other than where it was collected. The practice will take reasonably practicable steps to ensure that your personal information is adequately protected in that jurisdiction.
We use the term “cookies” to refer to cookies and other similar technologies covered by the POPI Act on privacy in electronic communications.
- What is a cookie?
Cookies are small data files that your browser places on your computer or device. Cookies help your browser navigate a website and the cookies themselves cannot collect any information stored on your computer or your files. When a server uses a web browser to read cookies, they can help a website deliver a more user-friendly service. To protect your privacy, your browser only gives a website access to the cookies it has already sent to you.
- How are third party cookies used?
- How do I reject and delete cookies?
Other websites linked to this site
Processing of Children’s Information
The practice respects the rights of children and will only process the personal information of children if the consent of a competent person has been obtained, or if required to do so by law.
Your personal information, as well as your health records, will be exchanged with your other healthcare providers and/or your medical schemes (while complying with applicable privacy and data protection legislation) via the appropriate means: to improve patients’ treatment and healthcare outcomes by sharing clinical information in a secured way among healthcare professionals and healthcare service providers; through the sharing of clinical information in a secured way among healthcare professionals; and to improve the quality, safety and efficiency of the healthcare a patient receives through an increased administrative and clinical information interchange process whilst still protecting consumer privacy.
When you are registered as a patient at the practice, the practice will first request your consent to process your personal information before it is shared with any healthcare provider or medical scheme.
The practice will, process your personal information in accordance with applicable laws and your rights are set out below:
- You have the right to correct your personal information if it is incorrect (We will take all reasonable steps to confirm your identity before making changes to the Personal Information we may hold about you. We would appreciate it if you would take the necessary steps to keep your Personal Information accurate and up-to-date by notifying us of any changes, we need to be aware of.
- You have the right to update your personal information if your details have changed;
- You have the right to object to the processing of your personal information; (POPI Act section 18. (h) (iv) as referred to in section 11(3) of the POPIA)
- You have the right to your personal information being deleted (the practice does not make use of Automated Decision Making in connection with your personal data); and
- You have the right to be informed if your information has been deleted.
- You have the right to request a copy of the Personal Information we hold about you. To do this, simply contact us at the numbers/addresses listed on our home page and specify what information you would like. We will take all reasonable steps to confirm your identity before providing details of your personal information.
If you would like to exercise any of your rights: Complete the relevant forms (available from the practice) to: submit any objection that you may have; or to request for any correction, deletion, or destruction of your personal information.
You acknowledge that, in some cases, the practice may not be able to comply with your request to delete or destroy your personal information if this request conflicts with applicable law.
You have the right to complain to the Information Regulator, whose contact details are: Information Regulator Tel: (012) 406 4848 Fax: 086 500 3351 Email: Inforeg@justice.gov.za
33 Hoofd Street
Forum III, 3rd Floor Braampark
P.O Box 31533
Braamfontein, Johannesburg, 2017
Mr Marks Thibela
Chief Executive Officer
Tel No. +27 (0) 10 023 5207, Cell No. +27 (0) 82 746 4173
If you have any queries about this notice or believe we have not adhered to it, or need further information about our privacy practices or wish to give or withdraw consent, exercise preferences or access or correct your personal information, please contact us at the numbers/addresses listed on our website: www.rehabhands.co.za (practice administrator) for Munro and Partners Occupational Therapy Inc.
Upon clicking the link to this policy and or continuing on this website, we accept that:
- You have read the contents of this policy;
- You understood the contents of this policy;
- You agree with the contents of this policy;
- You have no objections to your personal information being managed in this way by the practice; and
- That you have no questions regarding the contents of this policy.
Ms L Munro
Norwich Close, Sandton
- The Constitution of the Republic of South Africa, 1996 (Act No 108 of 1996)
- The Children’s Act No 38 of 2005
- The Choice of Termination of Pregnancy Act No 92 of 1996.
- The Electronic Communications and Transactions Act No 25 of 2002
- The Medical Schemes Act No 131 of 1998
- The Mental Health Care Act No 17 of 2002 vii. The National Health Act No 61 of 2003
- The Promotion of Access to Information Act No 2 of 2000
- The Protection of personal information Act No 4 of 2013