last updated 29/06/2021
Data protection and disclosure of information:
As part of our day-to-day business of providing Audiological services (the “Services”), we need to collect personal information from our clients and potential clients to ensure that we can meet their needs for the provision of or information about the Services.
Your privacy is important to us and it is our policy to respect the confidentiality of information and the privacy of individuals. This notice outlines how we manage your personal information and details your rights in respect of our processing of your personal information.
We process your information in terms of our Protection of Information Policy and Retention of Data Policy. To review same, kindly send a request to the Information Officer: Candice van Heerden at firstname.lastname@example.org
Defined terms herein, where not herein defined, are defined within the Protection of Personal Information Act, 2013 (as may be amended or substituted from time to time) (“POPIA”).
Who are we?
This Privacy Notice applies to the processing activities of Candice van Heerden Audiology (the “Practice).
Our Privacy Notice will be reviewed from time to time to take account of new obligations and technology, changes to our operations and practices, and to make sure it remains appropriate to the changing environment.
What kind of Personal Information do we collect?
We collect information necessary to fulfil our obligations to our patients while providing our Services.
We may collect the following types of information about you:
Name, address, contact details, date of birth, medical aid details, location data, and next of kin information.
On occasion the following sensitive Personal Information may be obtained during consultation with the audiologist: physical or mental health details and employment history. We will only obtain and process this information with your express consent as set out in terms of the relevant contractual terms.
Much of this information is collected to establish and assess the reasons for a referral to us as well as whether we can and should provide the Services (and products, where relevant) to you. If you chose not to provide the information required, we may not be able to provide you with the requested product or service.
If you provide us with any Personal Information relating to a third party (e.g. information of your spouse, children, parents, and/or employees), by submitting such information to us, you represent to us that you have obtained their consent and/or are a Competent Person in respect to the provision of such Personal Information.
The main activities of the Practice are the provision of Audiological services. In certain instances, minor children are seen in the practice. In this respect, by submitting Personal Information (including sensitive personal information) to the Practice, you expressly provide your informed consent for the collection, processing and storage of such Personal Information in respect of such minor child and confirm that you are duly authorised to do so as a Competent Person.
How is the Personal Information obtained?
We obtain this information in a number of ways, for example through the provision of an assessment, interviews with you, relevant and related educators, relevant and related health care professionals, family members, questionnaires etc. as well as from information provided in the course of ongoing services and communication. Additionally, we may obtain Personal Information about you through your use of our websites, apps, or using cookies on our websites, in particular by recording your activity and which pages you look at on our websites (please see below on Cookies).
We may record any communications with you including electronic (including video conference), by telephone, in person or otherwise, which will constitute evidence of the communications between us. This information is collected in compliance with our regulatory duties in relation to our record keeping obligations. It may or may not be retrievable.
Such conversations may be recorded without the use of a warning tone or any other further notice. Further, if you visit any of our offices or premises, we may have CCTV which may record your image and conversations which you acknowledge, understand and accept.
What Lawful Basis do we rely on?
We may be required to collect and use certain types of Personal Information to comply with the requirements of the law and/or regulations, however we are committed to processing all personal information in accordance with POPIA and any other relevant data protection laws and codes of conduct (herein collectively referred to as “the data protection laws”) which are applicable to Candice van Heerden Audiology and its business.
The data protection laws allow us to only process your data for certain reasons:
- to perform a contract that we are party to;
- to carry out legally required duties;
- for us to carry out our legitimate interests;
- where we obtain your consent;
- to protect your interests; and
- where something is done in the public interest.
Where our use of your personal information requires consent, such consent will be provided explicitly by you as set out herein, in the Terms & Conditions entered into by you with Candice van Heerden Audiology or as otherwise provided or procured.
If we rely on your consent as our legal basis for processing your personal information, you then have the right to withdraw that consent at any time by contacting us using the contact details set out in this Privacy Notice; however, the withdrawal of consent may be limited by law or contract or subject to the completing of a relevant service or other similar and related activity. Withdrawal of consent will likely necessitate the termination of services.
We use Elixir from MedeMass to invoice and store patient details as well as submit the claims to the medical aid.
We use Dropbox as a means of storing practice and patient information. Dropbox is designed to meet stringent privacy and security standards based on industry best practices. The practice makes use of My Appointment to schedule bookings and send out SMS reminders. The patient consents to having an SMS reminder sent to them prior to each appointment. Further information can be provided on request or researched via their respective websites. You consent to us processing personal information via these channels as well as telephonic communication.
What we do with the personal information we obtain?
We may use information held about you in the following ways:
- To provide you with any services and/or products and information you request from us (which includes carrying out any obligations arising from any contracts entered into between you and us);
- to notify you about changes to our services;
- to provide you with information by post, email, telephone or otherwise about products and services of a similar nature to those you have previously purchased or expressed an interest in which are offered by Candice van Heerden Audiology and which we think may be of interest to you. You have the right to ask us not to process your personal information for marketing purposes. You can exercise your right to prevent such processing by contacting us by phone or email using the details in the ‘Contact us’ section below. You can unsubscribe from emails by following the unsubscribe instructions included in every email; alternatively, on request to the Information Officer.
- to administer our sites and for internal operations, including troubleshooting, data analysis, load management, testing, research, statistical and survey purposes;
- to improve our sites to ensure that content is presented in the most effective manner for you and for your device;
- to measure or understand the effectiveness of content we serve to you and others, and to deliver relevant content to you;
- for the purposes of providing services such as ‘most popular’ information on our site;
- to deliver targeted advertisements to you and others as you browse the internet;
- to obtain your feedback on a product, service or our sites via a third party appointed by us;
- to allow you to participate in interactive features of our sites, when you choose to do so; and
- as part of our efforts to keep our sites safe and secure.
Disclosure of your personal information
We may share the Personal Information we hold about you across Candice van Heerden Audiology to enable us to better understand your needs and run your accounts in the efficient way that you expect. Your Personal Information may also be used for customer modelling,
statistical and trend analysis, with the aim of developing
and improving our products and services.
We will never sell, trade, or rent your Personal Information to others; however, we may share your information with selected third parties including:
- our service providers, suppliers and sub-contractors for the performance of any contract we have entered into with them. They may then process this data on our behalf to help run some of our internal business operations for example IT services.
- governmental or judicial bodies or agencies to comply with our legal and regulatory obligations;
- non-affiliated companies may sometimes be used to provide certain services such as preparing and mailing reports, account statements and other information, conducting research on client satisfaction;
- advertisers and advertising networks that require the data to select and serve adverts about our services to you and others. It will only be passed to third party advertisers in order to provide services on behalf of Candice van Heerden Audiology.
- data, service and software providers that assist us in the improvement and optimisation of our sites;
Where we share your data with third parties we ensure that your data is held securely and in line with applicable legislation.
How we store Personal Information
Safeguarding the privacy of your information is important to us, whether you interact with us personally, by phone, by mail, over the internet or any other electronic medium.
We hold Personal Information in a combination of secure computer storage facilities and paper-based files and other records and take steps to protect the Personal Information we hold from misuse, loss, unauthorised access, modification or disclosure.
When we consider that Personal Information is no longer needed, we will remove any details that will identify you or we will securely destroy the records. However, we may need to maintain records for a significant period of time in line with our regulatory obligations.
If we hold any Personal Information in the form of a recorded communication, by telephone, electronic, in person or otherwise in relation to our regulatory obligations as detailed above, this information will be held in line with local regulatory requirements which will generally be until the minor child turns twenty-one years old, or unless a diagnosed disability is present, in which case the information is kept until the client is deceased.
Where you have opted out of receiving marketing communication we will hold your details on our suppression list so that we know you do not want to receive these communications.
Management and Safeguarding of Personal Information
We always take appropriate technical and organisational measures to ensure that your information is secure. In particular, we train our employees who handle Personal Information to respect the confidentiality of customer information and the privacy of individuals. We regard breaches of your privacy very seriously and will impose appropriate penalties, including dismissal where necessary. We have appointed an Information Officer to ensure that our management of Personal Information is in accordance with this Privacy Notice, applicable policies, and the applicable legislation.
The internet is an open medium and we cannot guarantee that any information you send to us by email or via our sites will not be intercepted or tampered with; any transmission is at your own risk. Once we have received your information, we will use appropriate procedures and security features to prevent unauthorised access.
Your rights as a data subject
The data protection laws give you certain rights in relation to the data we hold on you. These are:
- the right to be notified. This means that we must tell you how we use your Personal Information, and this is the purpose of this Privacy Notice;
- the right of access. You have the right to access the Personal Information that we hold on you. To do so, you should make a subject access request;
- the right for any inaccuracies to be corrected. If any Personal Information that we hold about you is incomplete or inaccurate, you are able to require us to correct it;
- the right to have information deleted. If you would like us to stop processing your Personal Information, you have the right to ask us to delete it from our systems where you believe there is no reason for us to continue processing it;
- the right to restrict the processing of the Personal Information. For example, if you believe the Personal Information we hold is incorrect, we will stop processing it (whilst still holding it) until we have ensured that it is correct;
- the right to portability. You may transfer the Personal Information that we hold on you for your own purposes;
- the right to object to the inclusion of any information. You have the right to object to the way we use your Personal Information where we are using it for our legitimate interests;
- the right to regulate any automated decision-making and profiling of Personal Information. You have a right not to be subject to automated decision making in way that adversely affects your legal rights.
Where you have provided consent to our use of your Personal Information, you also have the unrestricted right to withdraw that consent at any time subject to contractual obligations. Withdrawing your consent means that we will stop processing the Personal Information that you had previously given us consent to use. There will be no consequences for withdrawing your consent; however, in some cases, we may continue to store and use the
Personal Information where so permitted by having a legitimate reason for doing so or where required by law, regulation or by any other competent authorities. We may also not be able to continue our services to you.
Transfers of Personal Information outside of South Africa
Your data may be transferred to, stored at, and processed at a destination outside of South Africa by our service providers (eg. Dropbox). By submitting your Personal Information, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with applicable legislation or other relevant and appropriate laws.
Links to external websites
Our sites may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies or how such websites collect and use your data. Please check these policies before you submit any Personal Information to these websites.
Access to Personal Information about you
You have the right to request a copy of the Personal Information we hold about you. If you would like a copy of some or all of this information you may contact us as
- Information officer contact details
Full name: Candice van Heerden
Email address: email@example.com
Telephone number/s: 011 615 3047
- head office details
Physical address: Kloof road Medical Centre. 17 Kloof Road Bedfordview
Contact email address: firstname.lastname@example.org
Contact telephone number/s: 011 615 3047
If any of the information we hold is inaccurate, you can ask us to make any necessary amendments.
Updates to the Privacy Notice
We reserve the right to update this Notice to reflect any legal changes or changes to the way in which we process your Personal Information. The updated Notice will be published on our website and it will come into effect at the time of publication generally.
If you have any queries regarding privacy issues or the content of this Privacy Notice, you can email us using the contact details provided above.
What if you have a complaint?
If you have a concern about any aspect of our privacy practices, you can make a complaint. This will be acted upon promptly. To make a complaint, please contact us via one of the methods set above. You undertake to first make a good faith attempt to resolve same with the Practice. If you are not first satisfied with our response to your complaint, you have the right to then lodge a complaint with our supervisory authority, the Information Regulator.