PROGRESSIVE PRIMARY HEALTH CARE PRIVACY POLICY
- Privacy Statement
1.1 Introduction
PPHC acknowledges and supports personal rights and the right to privacy. Accordingly, our learners and stakeholders’ rights privacy and trust are extremely important to us. We will ensure that personal information is collected and handled in a transparent and lawful manner in alignment with the Protection of Personal Information Act, 2013 (“POPIA”).
It is important that you read this Statement carefully before submitting any information to PPHC:
- By submitting any information to PPHC, you provide consent to the processing of your personal information as set out in this Statement.
- The provisions of this Statement are subject to mandatory, unalterable provisions of applicable laws.
- Please do not submit any information to PPPHC if you do not agree to any of the provisions of this Statement. If you do not consent to the provisions of this Statement, or parts of the Statement, PPHC may not be able to provide its services to you.
- We respect privacy and we promise to:
1.1.4.1 Implement reasonable computer, physical and procedural safeguards to protect the security and confidentiality of the information we collect.
1.1.4.2 Limit the information collected to the minimum required to provide a better service and/or meet our other goals.
1.1.4.3 Permit only properly trained, authorised employees to access information.
1.1.4.4 Not to disclose your information to external parties unless we are required or permitted by law to do so and authorised by our Information Officer.
1.2 Purpose
PPHC offers a wide range of services. This Statement explains how we use the information we collect from you when you use our services, and by providing information to us you agree to the information being processed as set out in this Statement.
This Statement also:
1.2.1 sets out the types of information that we collect
1.2.1 explains how and why we collect and use your information.
1.2.3 explains whom we share your information with; and
1.2.4 explains the rights and choices you have when it comes to your information,
1.2.5 explains how to contact us or the relevant authorities.
We have no control over, do not review, and are not responsible for third party sites, their content, or any goods or services available through these.
1.3 Legislation and Regulations
This Statement is subject to the laws of the Republic of South Africa in particular POPIA as well as other relevant data protection legislation. Any dispute arising, will, to the extent permitted by law, be first attempted to be settled internally and if this is not possible be referred for arbitration to be determined by us applying the Uniform Rules of the High Court of South Africa.
In the interest of compliance with the Promotion of Access to Information Act, 2000 (PAIA), PPHC offers you the opportunity to view our PAIA manual on our website: https://www.kznpphc.org.za/paia-manual.
1.4 Roles and Responsibilities.
Based on POPIA, the following role players are relevant to this Statement:
1.4.1 Information Regulator
The Information Regulator Office duties includes providing education, monitoring and compliance enforcement, handling of complaints and facilitation of cooperation in the enforcement of privacy laws.
In the context of this Statement this is the office of individuals appointed by the President of South Africa in terms of POPIA.
1.4.2 Information Officer
The individual is the Executive Director of PPHC who is registered with the Information Regulator in terms of the PAIA and POPIA and is responsible for ensuring that PPHC comply with these Acts.
1.4.3 Deputy Information Officer
The individual is registered with the Information Regulator in terms of the PAIA and POPIA and have been delegated responsibilities in driving required activities on behalf of the Information Officer. This function will be the responsibility of the Finance & Administration Officer. In the context of this statement these are the participants of the Privacy and Security Committee.
1.4.4 Data subject
Any natural or juristic person who is identifiable by means of an identifier such as a name, an ID number, location data, or via factors specific to the person’s physical, physiological, genetic, mental, economic, cultural, or social identity.
In the context of this Statement this is the person whose information is being processed by PPHC.
1.4.5 Responsible Party
The party who determines the purpose of and means for processing personal information and is also responsible for protecting (safeguarding) the information.
4.6 Operator or Processing Party
The party who processes (collect, receive, record, collate, store, retrieve, alter, use, distribute, erase or delete) information for a responsible party in terms of a contractual agreement or mandate on behalf of a Responsible Party.
In the context of this Statement this is either PPHC or a Stakeholder/partner.
- Information Collection
2.1 To register or make use of PPHC programs and services you are required to provide us with your personal information including but not limited to your South African ID number, name, surname, contact information and other personal details.
2.2 You may provide personal information to us either directly or indirectly (through a person acting on your behalf), by completing an application form for our services or requesting further information about our products and services, whether in writing, through our website, over the telephone or any other means.
2.3 We only collect information that is reasonably necessary for our organisational functions and activities and related purposes. The type of information we collect and hold, will depend on the purpose for which it is collected and used. Where possible, we will inform you what information you are required to provide to us. The information we process is to:
2.3.1 provide you with the services you want,
2.3.2 to manage and improve our operations,
2.3.3 to manage and improve our website and mobile platforms with the aim of improving your service experience.
We may also collect your personal information from a person acting on your behalf, any regulator, or other third party that may hold such information.
You agree to give accurate and current information about yourself to PPHC and to maintain and update such information when necessary. To improve the accuracy of our data and get to know our learners and stakeholders better, we may enrich them from other third parties.
- Services in Collaboration with Stakeholders.
PPHC has various partnerships. To deliver services, varying levels of information are required to be processed, including obtained from or shared with relevant stakeholders. When you agree to the PPHC and/or stakeholder’s terms and conditions, it allows us to share the relevant information to facilitate the service being rendered to you.
Note that some of our products and services may require you to provide additional information directly to a stakeholder/ partner of ours. In such instance, PPHC process this information on the stakeholder/ partner’s behalf and as such the relevant stakeholder/ partner remains responsible for protecting this information, not PPHC. When signing up with one of our Stakeholders/partners, it is important for you to recognise that you are establishing a direct, binding relationship with such a stakeholder/partner under their terms & conditions and related privacy policies and that they would be the responsible party under POPIA.
- Persons under 18 years
PPHC will not knowingly collect any information of persons (minors) under the age of 18 years without the consent of a parent/guardian.
If you become aware that a “child” has provided their personal information without parental consent, please contact us immediately. If we become aware that a child has provided us with personal information without parental consent, we will take steps to rectify this.
- Purpose and Use of Information
PPHC use your information for the purposes for which it was collected or agreed with you to facilitate the provision of our products and services to you, and for purposes which are within reasonable expectations and are permitted by law.
Examples of information collected from you or other sources and processed by PPHC are detailed below (which is not an exhaustive list) and linked to the purpose thereof.
5.1 ID number to validate who you are. We are also required to process this information where required by law or to facilitate the registration of an external service or product you have signed up for.
5.2 Regulatory compliance – to be adhere to.
5.3 Contact information – to facilitate essential support via communications as well as to better customise our offering to you, including:
5.3.1 Sending information regarding services and programs as well as informing you of information related to your study/service.
5.3.2 Requesting your feedback and opinion in the form of surveys, opinion polls or focus groups, should you wish to participate.
5.3.3 Contacting you in relation to Customer feedback, complaints, or other feedback you may wish to give us where you agree to us contacting you.
5.3.4 Employment applications and related correspondence.
5.4 Any additional information relating to you that you provide to us directly through the website, or indirectly through use of offline or online, through our representatives or otherwise.
5.5 Share information with 3rd parties as an outsourced function, with the purpose of communicating to you and/or facilitate/operate the subscribed service(s).
We may also use your information for the following reasons:
5.5.1 complying with statutory and regulatory requirements,
5.5.2 complying with valid requests for information, including subject access requests and requests in terms of PAIA.
5.5.3 complying with information requests by regulators or bodies lawfully requesting the information (e.g., tax authorities).
5.5.4 assisting in law enforcement and/or fraud investigations,
5.5.5 providing you with the services, products you have requested, and notifying you about important changes to these services or products.
5.5.6 managing your account or relationship and complying with your instructions or requests.
- 5.5.7 detecting and preventing fraud and money laundering and/or in the interest of security and crime prevention.
5.5.8 complying with applicable laws.
5.5.9 recording and/or monitoring your telephone calls and electronic communications to/with PPHC to accurately carry out your instructions and requests.
5.5.10 conducting market research and providing you with information about PPHC’s products or services from time to time via email, telephone, or other means.
5.5.11 where you have unsubscribed from certain marketing communications, ensuring that we do not send such to you again.
5.5.12 disclosing your personal information to third parties for reasons set out in this statement or where it is not unlawful to do so.
5.5.13 monitoring, keeping record of and having access to all forms of correspondence or communication received by or sent from PPHC or any of its employees, including monitoring, recording, and using as evidence all telephone communications between you and PPHC.
5.5.14 prevention and control of any disease.
- Direct Marketing and Opting Out
If you are an existing learner or stakeholder, we may communicate with you based on the preferences as selected by you in relation to products or services you are interested in. This may include making contact via telephone, email, sms, social media and other channels.
You may opt-out from receiving future promotional information or direct marketing from PPHC by replying to the email, WhatsApp or via sms.
- Retention and Destruction of Information
Information that PPHC collects is kept in a form which permits retention of your information for no longer than is necessary to fulfil the purposes for which it was collected and processed.
PPHC will retain your information where reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, or fulfil your request to “unsubscribe” from further messages from us.
We may retain de-identified, anonymised or pseudonymised information after your account has been closed using techniques that do not permit your re-identification. If none of the afore-mentioned scenarios are required, PPHC will permanently delete (electronic) and shred (paper) after the purpose of collection the information has expired.
- Information Preservation and Protection
PPHC will take reasonable steps to protect the information we collect, hold and process from misuse, loss and from unauthorised access, modification or disclosure. We hold information both at our own premises and with the assistance of our service providers.
This is based on the information security principles of Confidentiality, Integrity, Availability and Privacy (CIAP) as governed by our Information Security Policy. This sets out PPHC’s objectives and general approach to information security, which aims to protect PPHC’s learners and stakeholders’ information and safeguard any personally identifiable information within our custody. We seek to achieve the following 5 key objectives as it relates to Information Security:
8.1 Culture
Improve the security culture through continuous education and awareness.
8.2 Risk-based Protection-A focused, risk-based approach to protect assets and information.
8.3 Compliance- Comply to the legal and regulatory requirements.
8.4 Detect and respond – Balance the need for protection with effective detection and response.
8.5 Culture
Integrate security into organisational decisions through ownership and leadership.
Because no data transmission over the internet is completely secure, and no IT system of physical or electronic security is impenetrable, we cannot guarantee the security of the information you send to us or the security of our servers or databases. Having noted that, we do take every reasonable step within our control, to protect your information and preserve the accuracy thereof. Quality of information means that the information we use must be appropriate, complete and reliable. The higher data quality we maintain, the better service we can render.
- Information Disclosure
Notwithstanding anything to the contrary in this Statement, PPHC reserves the right to disclose any information about you if we are required to do so by law, and if we believe that such action is necessary to:
9.1 fulfil a government request;
9.2 conform with the requirements of the law or legal process;
9.3 protect or defend our legal rights or property, our website, or other users; or
9.4 in an emergency to protect the health and safety of our website’s users or the public.
Authorised PPHC employees or agents will have access to some or all your information. We may also disclose your information with our stakeholders. Such data sharing is governed by our CIAP information security principles and associated practices.
We do use service providers to provide our services and maintain our systems, including but not limited to maintenance, security, and system development. These parties will have access to your information as reasonably necessary to perform these tasks on our behalf (namely role-based access). Where we contract with service providers, and wherever possible, we impose contractual obligations on them to ensure that your information is handled and secured in accordance with law and good practise.
- Your Right to Access Information
You have the right:
10.1 to confirm with us whether we hold any information about you.
10.2 at a prescribed fee, we will give you a written estimate of:
10.2.1 record of information held by us,
10.2.2 description of the information held by us, including information about the identity of all third parties, or categories of third parties, who have, or have had, access to the information.
10.3 update and correct any out-of-date or incorrect information we hold about you.
10.4 destroy or delete a record of information of you which we are no longer authorised to retain; and
- 10.5 update your communication preferences and / or unsubscribe from communications we may send you.
Before we provide you with access to your information, we may require proof of identity. We may require up to 21 (twenty-one) days to respond to any requests for information. We may refuse to disclose some information in accordance with PAIA.
If you require PPHC to delete all your information that we have about you, please also contact our Information Officer. Note that you will probably have to terminate all agreements you have with us, as we cannot maintain our relationship with you without at least having some of your information. We may also refuse to delete some of your information if we are required by law to retain it or if we need it to protect our rights.
- Information Breach Notification
A security compromise or information breach can be described as a threat to the Confidentiality, Integrity, Availability or Privacy of IT systems and/or information.
When there are reasonable grounds to believe that your information has been accessed, altered, deleted, or acquired by any unauthorised person, we will notify the Information Regulator and yourself in cases where your identity can be established. This notification will be done in accordance with the provisions of POPIA and as soon as reasonably possible after the discovery of the compromise, considering the legitimate needs of law enforcement or any measures reasonably necessary to determine the scope of the compromise and to restore the integrity of our systems.
- 12. Amendment of this Statement/Policy
We may amend this Statement from time to time for any of the following reasons:
12.1 to provide for the introduction of new systems, methods of operation, services, or products.
12.2 to comply with changes to any legal or regulatory requirement.
12.3 to ensure that this Statement/Policy is clearer and more favourable to you.
12.4 to rectify any mistake that may be discovered from time to time; and/or
12.5 for any other reason which PPHC, in its sole discretion, may deem reasonable or necessary.
Any such amendment will come into effect and become part of any agreement you have with PPHC when Statement is given to you of the change by publication on our website. It is your responsibility to check the website often.
- Contact Us
13.1. PPHC Information Officer
If you have questions about this Privacy Statement or wish to exercise your rights in terms of access to, correction, or deletion of your information, please contact us via our landline 031-3031014 or director@pphc.org.za and we will attempt to resolve your query.
If unable to, and depending on your situation, we will explain the process to follow and potentially refer your query to subject matter experts.
Our Information Officer contact details are:
Information Officer / Deputy Information Officer
Address: 303 Avondale Road, Morningside, Durban.
Tel: +27 (31) 303 1014
Email: director@pphc.org.za/financeadmin@pphc.org.za
13.2. Information Regulator (South Africa)
Should you believe that PPHC has utilised information contrary to applicable law, you undertake to first attempt to resolve any concerns with PPHC. If you are not satisfied with such process, you have the right to lodge a complaint with the Information Regulator of South Africa.
The Information Regulator’s contact details are:
JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
P.O Box 31533, Braamfontein, Johannesburg, 2017
Email: inforeg@justice.gov.za
Website: https://www.justice.gov.za/inforeg/