Privacy Policy

1. Introduction

Africa Healthcare Holdings (Pty) Ltd (“we,” “us,” or “our”) is committed to safeguarding the privacy of our customers, patients, employees, and all individuals whose personal information we process. This Privacy Policy outlines how we collect, use, disclose, and protect personal information in compliance with South African laws (Protection of Personal Information Act, National Health Act), the European Union’s General Data Protection Regulation (GDPR), and the United States Health Insurance Portability and Accountability Act (HIPAA).

2. Scope

This policy applies to all personal information processed by us in the course of our business operations, including information about patients, healthcare providers, employees, and business partners.

3. Definitions

  • Personal Information: Information relating to an identifiable, living natural person, and where applicable, an identifiable, existing juristic person.
  • Processing: Any operation or activity concerning personal information, including collection, receipt, recording, organization, collation, storage, updating, modification, retrieval, consultation, use, dissemination, and destruction.
  • Data Subject: The individual whose personal information is being processed.

4. Collection of Personal Information

We collect personal information that is necessary for our business purposes, including but not limited to:

  • Patient information (e.g., name, contact details, medical history, and treatment information).
  • Employee information (e.g., name, contact details, employment records).
  • Healthcare provider details (e.g., name, contact details, professional credentials).
  • Business partner information (e.g., company name, contact details, contract details).

5. Legal Basis for Processing

We process personal information under the following legal bases:

  • Consent: Where applicable, we obtain explicit consent from data subjects for the processing of their personal information.
  • Contractual Necessity: Processing is necessary to fulfill a contract with the data subject or to take steps at the request of the data subject prior to entering into a contract.
  • Legal Obligation: Processing is required to comply with applicable laws, including health regulations.
  • Legitimate Interests: Processing is necessary for the legitimate interests of [Company Name], provided that these interests do not override the rights and freedoms of the data subject.

6. Use of Personal Information

We use personal information for the following purposes:

  • To provide medical device products and services.
  • To comply with legal and regulatory requirements, including reporting to health authorities.
  • To manage relationships with healthcare providers, customers, and business partners.
  • To manage employee relations and comply with employment laws.
  • To conduct research and development, subject to appropriate safeguards.

7. Disclosure of Personal Information

We may disclose personal information to:

  • Regulatory authorities, as required by law.
  • Healthcare providers, where necessary for patient care.
  • Third-party service providers who process personal information on our behalf, subject to appropriate data protection agreements.
  • Business partners, in accordance with contractual obligations.

8. International Transfers

We may transfer personal information to recipients in other countries, including countries outside the European Union and the United States. In such cases, we ensure that appropriate safeguards are in place to protect the information, such as standard contractual clauses or equivalent mechanisms.

9. Data Security

We implement appropriate technical and organizational measures to protect personal information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include encryption, access controls, and regular security assessments.

10. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected or as required by law. Upon the expiration of the retention period, we securely delete or anonymize the information.

11. Data Subject Rights

Data subjects have the following rights regarding their personal information:

  • Access: The right to request access to their personal information.
  • Correction: The right to request the correction of inaccurate or incomplete information.
  • Deletion: The right to request the deletion of personal information under certain conditions.
  • Objection: The right to object to the processing of personal information based on legitimate interests.
  • Portability: The right to request the transfer of their personal information to another organization.

To exercise these rights, data subjects may contact us at mark@afrihealth.co.za.

12. Compliance with Specific Jurisdictions

  • South Africa: We comply with the Protection of Personal Information Act (POPIA) and the National Health Act, including specific provisions regarding the processing of health-related information.
  • European Union: We adhere to the General Data Protection Regulation (GDPR) for data subjects within the European Economic Area (EEA).
  • United States: We comply with the Health Insurance Portability and Accountability Act (HIPAA) for the processing of protected health information (PHI).

13. Updates to this Policy

We may update this Privacy Policy from time to time. Any changes will be posted on our website, and where required by law, we will notify data subjects of significant changes.

Version 1, created 26 November 2024, approved by Mark Banfield and published on the company website.

14. Contact Information

For questions or concerns regarding this Privacy Policy or our data protection practices, please contact us at:

Africa Healthcare Holdings (Pty) Ltd

1 Butt Street, Kenton on Sea, South Africa, 6191

Mark@afrihealth.co.za

0834072222

Acknowledgment

By using our services or interacting with us, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your personal information as described herein.