AHREFS
+27 21 855 0307 info@ethitech.co.za

PRIVACY POLICY

1.   Overview

1.1 Purpose

The company is a licensed distributor of medical devices to healthcare providers and consumers. This policy applies to personal information that we have in our possession, or under our control, and personal information that we collect or receive from you, about you.

1.2 Policy Scope

The company is subject to various laws and ethical rules protecting the privacy and confidentiality of customers and consumers. The Privacy policy stipulates, amongst others, how we collect the information, the type of information collected, why that information is collected, the circumstanced under which that information will be shared with others, the security measures that we have implemented to protect the information and how you may obtain access to and correct your information.

1.3 Information Officer

Information Officer of the company:

Name: Imke Erasmus

Email: imke@ethitech.co.za

Telephone: 021 855 0307

1.4 Definitions and Abbreviations

Data Subject refers to the person (e.g., patient) or entity to whom the personal information relates.
Personal Information has the meaning assigned to it in POPIA and refers to information relating to human beings and certain juristic persons. It includes information such as race, gender, pregnancy, age, health status and medical information, date of birth, identity number, contact details and confidential correspondence.
Processing has the meaning assigned to it in POPIA and refers to any operation or activity concerning personal information, such as the collection, receipt, recording, storage, updating, alteration, use, distribution, erasure or destruction of the information.
POPIA Means the Protection of Personal Information Act (Act 4 of 2013) and its Regulations
“We” / “us” Refers to Ethitech (PTY) Ltd
“You / ”your” Refers to the data subject (i.e. the person or entity) whose personal information is processed by the practice.

 

2.   Policy

2.1 Our commitment

We understand that your personal information is important to you and that you may be anxious about disclosing it. Your privacy and the security of your information are just as important to us and we want to make sure you understand how your information will be processed. We are committed to conducting our practice in accordance with the law. We will, therefore, the only process, which includes collect, use, store or disclose, your personal information in accordance with the law or otherwise with your consent and will always strive to keep your information confidential. We take this commitment to look after your personal information seriously. We have implemented a number of processes to make sure that your personal information is used in the right way.

We apply the following principles in order to protect your privacy:

  • We only collect the personal information that is necessary;
  • We only use personal information for the purposes specified in this Privacy Policy, unless you are advised otherwise;
  • We do not keep personal information longer than needed for lawful purposes; and
  • We only share your personal information as specified in this Privacy Policy and permitted in terms of the law or otherwise as agreed with you.

2.2 When you provide information about another individual/entity

You must make sure that if you provide personal information about any individual or entity to us, you may lawfully do so (e.g., with their consent). We will accept that you are acting lawfully. You should make sure that they are familiar with this Privacy Policy and understand how we will use and disclose their information.

2.3 Collection of personal information

We collect personal information directly from you when you become a customer, a consumer-patient or an employee of the company, when you supply information on our website or when you provide information to us. Information may also be collected from other sources, depending on the circumstances, when it is, for example, not possible to obtain the information directly from you or to protect your legitimate interests such as product delivery or customer complaint management. The information may be collected from persons, such as the employees within your organisation, your next-of-kin, another health care practitioner involved with your care or when you make information publicly available. The information that we collect about patients/consumers is necessary to ensure their safety during the use of the product, to provide them with the requested product assistance and customer support, and required for de-identified regulatory reports as required by various laws.

2.4 Process of your personal information

There are various laws that permit the processing of personal information of patients such as the National Health Act, POPIA and the Medical Schemes Act. Employment laws permit the processing of employees’ information.

We generally process the personal information listed below, if applicable in the circumstances, and retain it as part of our records. Other personal information may be collected and processed, if it is required in the circumstances

Consumers/Patients

  • Names and surnames, identity numbers, dates of birth, age, weight, contact details, addresses, nationality and gender;
  • Photos, product performance photos, if applicable;
  • Names and contact details of next-of-kin;
  • Health status, medical information, including medical history/ previous diabetes treatment history.
  • Medical scheme information or information about other relevant funders;
  • Products provided, training and information provided;
  • Billing and payment details; and
  • The information recorded on company documentation, such as consent forms, product complaint forms.
  • Product-specific Information recorded on company documentation, such as Serial Numbers, LOT numbers, insertion dates, event dates, event descriptions recorded on product complaint forms.
  • Correspondence

Employees and Job Applicants

  • Names and surnames, titles, identity numbers, dates of birth, age, contact details, addresses, HPCSA / statutory council number, position or role in the practice, nationality, gender, race, qualifications, specialisation, interests and other information included on CVs;
  • Membership of professional societies;
  • Relevant medical and disability information, including Covid-19 screening information;
  • Signatures of official signatories of the company and proof of residence, if required by the bank;
  • Employment-related information;
  • Bank details;
  • Professional indemnity cover;
  • Vetting reports of job applicants (qualifications and criminal records); and

Customers, Suppliers, Vendors and Other Persons / Entities, including Public Bodies and Regulators

  • Organisation’s name and contact details;
  • HPCSA / statutory council number / practice number, if applicable
  • Agreements and related information;
  • Quotations, Invoices;
  • Official documentation, including newsletters and statements;
  • Covid-19 screening information of visitors to the company; and

2.5 Consent

If you consent to the processing of your personal information, you may withdraw your consent at any time. This does not affect the processing of personal information that has already occurred. If you withdraw your consent, your personal information will only be processed as provided for by the law.

2.6 Objection to processing

When we process your personal information to protect your legitimate interests or based on the legitimate interests of the practice or those of a third party to whom we supply the information, you may object to our processing, if it is reasonable to do so. This must occur on the form prescribed by POPIA, available at reception / from the Information Officer. This does not affect your personal information that we have already processed. If you object and we agree with your objection, your personal information will only be processed as provided for in the law.

2.7 Purposes of processing your personal information

We generally process your personal information for the following purposes:

  • to conduct and manage the company in accordance with the law, including the administration of the company’s responsibilities, collecting payment for products provided, information related to services rendered, patients and/or responsible persons/entities;
  • for customers support care and complaint management of patients;
  • for communication purposes (e.g. important patient product notifications, invoices, statements, quotation and information requests).
  • for the maintenance of customer and consumer records;
  • for employment / contracting and related matters of employees and consultants;
  • for reporting to persons and bodies, including regulatory bodies, original manufacturers, as required and authorised in terms of the law or by the data subjects;
  • for historical, statistical and research purposes;
  • for identification of consumers/patients;
  • for identification of customers, suppliers or vendors,
  • for enforcement of the company’s rights; and/or
  • for any other lawful purpose related to the activities of our company.

2.8   Disclosure of your personal information

We will share only relevant personal information about you with the persons and entities specified below if it is necessary and lawful in the circumstances.

Consumers/Patients

  • Next-of-kin as may be required and authorised in the circumstances;
  • Guarantors for payment of invoices;
  • Relevant funders such as the patient’s medical scheme;
  • Relevant pharmacy such as the patient’s dispensing pharmacy, e.g. Medipost, CDE Pharmacy.
  • Employees of the company and service providers who assist us to provide the services and products to you and who perform functions related to the administration of the company on a need-to-know basis, subject to confidentiality undertakings;
  • Debt collectors/attorneys;
  • Our insurers;
  • Our professional and legal advisers, including our accountants/auditors;
  • Law enforcement structures, including courts and tribunals;
  • Regulatory and other public or private bodies, persons or entities, as may be required or permitted in terms of the law, including to comply with any legal obligation or to protect the rights, property or safety of our practice, employees, patients, the public or others; and
  • The purchaser of the company if applicable.

Employees, including job applicants

  • Employees of the company and service providers and suppliers who assist us to provide the services and who perform functions related to the administration of the company on a need-to-know basis, subject to confidentiality undertakings;
  • Next-of-kin in emergency situations;
  • Funders;
  • Our insurers;
  • Suppliers and vendors;
  • Vetting agencies (if applicable);
  • Employment agencies (if applicable);
  • Entities performing peer review, or industry bodies ( e.g SAMED)
  • Our professional and legal advisers, including our accountants/auditors;
  • Law enforcement structures, including courts and tribunals;
  • Regulatory and other public or private bodies, persons or entities, as may be required or permitted in terms of the law, including to comply with any legal obligation or to protect the rights, property or safety of our practice, employees, patients, the public or others; and
  • The purchaser of the practice, if applicable. 

Other Persons and Entities (such as persons responsible for accounts, or delivery of products)

  • Employees of the company and service providers and suppliers who assist us to provide the services and who perform functions related to the administration of the company on a need-to-know basis, subject to confidentiality undertakings;
  • Next-of-kin in emergency situations;
  • Funders;
  • Our insurers;
  • Suppliers and vendors;
  • Vetting agencies (if applicable);
  • Employment agencies (if applicable);
  • Entities performing peer review, or industry bodies (e.g. SAMED)
  • Our professional and legal advisers, including our accountants/auditors;
  • Law enforcement structures, including courts and tribunals;
  • Regulatory and other public or private bodies, persons or entities, as may be required or permitted in terms of the law, including to comply with any legal obligation or to protect the rights, property or safety of our practice, employees, patients, the public or others; and
  • The purchaser of the practice, if applicable.

2.9    Record Keeping

We maintain records of your personal information for as long as it is necessary for lawful purposes related to the conducting of our company’s business operations and services, including to fulfil your requests, provide products, services, and customer support to customers and consumer patients, comply with legal obligations, resolve complaints, attend to litigation where instituted against the company, enforce agreements and for historical statistical and research purposes subject to the provisions of the law.

2.10   Information sent across the borders of the Republic of South Africa

We process and store your information in records within the Republic of South Africa. If we must provide your personal information to a third party in another country, we will obtain your prior consent, unless such information may be lawfully provided by that third party.  Customer complaints received from Healthcare Providers and consumer patients will be supplied to the original manufacturer/s and applicable regulatory bodies, outside of the borders of South Africa, in keeping with the provisions of the law and regulatory requirements.

2.11   Security of your personal information

We are committed to ensuring the security of your personal information in order to protect it from unauthorised process and access as well as loss, damage or unauthorised destruction. We have implemented and continually review and update our information protection measures to ensure the security, integrity and confidentiality of your information in accordance with industry best practices. These measures include the physical securing of the offices where information is held, the locking of cabinets with any physical records, password control to access electronic records, off-site data back-ups, and stringent policies in respect of electronic record storage and dissemination. In addition; only those employees and service providers that require access to your information to discharge their functions and to render services to us are granted access to your information and only if they have concluded agreements with or provided undertakings regarding the implementation of appropriate security measures, maintaining the confidentiality and processing the information only for the agreed purposes. We will inform you and the Information Regulator if any person has unlawfully obtained access to your personal information, subject to the provisions of the law.

2.12   Right to access your personal information

You have the right to request access to your personal information in our possession or under our control and information of third parties to whom we supplied that information subject to restrictions imposed in legislation. If you wish to exercise this right, please complete the prescribed form, available at reception / from the Information Officer, and submit it to the receptionist / Information Officer. Costs may be applicable to such request, which can be obtained from the receptionist / Information Officer. Please consult our PAIA Manual for further information.

2.13   Accuracy of your personal information

It is important that we always have accurate information about you on record as it could impact communication with you, service delivery to you and your health, if applicable. You must therefore inform us as soon as any of your information has changed. You may also request us to correct or delete any information. Such a request must be made in writing on the prescribed form, available at reception / from the Information Officer, and be submitted to the receptionist / Information Officer. You must provide sufficient detail to identify the information and the correction/deletion required. Information will only be corrected/deleted if we agree that the information is incorrect or should be deleted. It may not be possible to delete all the information if we may lawfully retain it. Please enquire at reception or contact the Information Officer to discuss how we can assist you with your request. If we correct any information and the corrected information will impact any decision made or to be made about you, we will send the corrected information to persons to whom the information has been disclosed in the past if they should be aware of the changed information.

2.14   Changes to this Privacy Policy

We reserve the right in our sole and absolute discretion, to revise or supplement this Privacy Policy from time to time to reflect, amongst others, any changes in our company or the law. We will publish the updated Privacy Policy on our website. It will also be available at reception. Any revised version of the Policy will be effective as of the date of posting on the website, so you should always refer back to the website for the latest version of the Policy. It is your responsibility to make sure you are satisfied with any changes before continuing to use our services. In the event that we make a material change to how we use your personal information, we will provide you with an opportunity to opt-out of such new or different use. If you have any questions concerning this Policy, please contact our Information Officer.

2.15   Concerns and complaints about the processing of your personal information.

All enquiries, requests or concerns regarding this Policy or relating to the processing of your personal information by the practice should be addressed to the Information Officer. You may also lodge a complaint with the Information Regulator at complaints.IR@justice.gov.za  / +27 (0)10 023 5207 / +27 (0)82 746 4173.

2.16   Laws applicable to this privacy policy

This Privacy Policy is governed by the laws of the Republic of South Africa.