Last revised: September, 2020
1. Introduction
1.1 Purpose.
1.1.1 The purpose of this Privacy Policy is to describe how Direct Health Africa (Proprietary) Limited (“Direct Health“) and its holding company and affiliates (“the Direct Health Group“) collects, uses and shares Personal Information about you through our online interfaces (e.g., websites and mobile applications) owned and controlled by us, including www.medici.md (collectively referred to herein as the “Site“) and services provided through the Site (“Services“). Please read this notice carefully to understand what we do. If you do not understand any aspects of our Privacy Policy, please feel free to Contact Us or as described at the end of this Policy.
1.1.2 We offer an online communication platform for Healthcare Providers and their patients (or their patients’ parents or legal guardians, as may be applicable from time to time) (“Patient Users“) to connect via the Site through the use of interactive video, audio and other telecommunications technology. The Site facilitates communication between Patient Users and Healthcare Providers, and for the avoidance of doubt we are not involved in, nor have any influence over, the content of the medical or healthcare assessments conducted and advice provided by Healthcare Providers to Patient Users.
1.1.3 This Privacy Policy applies to Personal Information provided by you, as a Healthcare Provider to us, when using the Site or Services.
1.1.4 Our Privacy Policy explains:
1.1.4.1 What is Personal Information?
1.1.4.2 What processing activities does this Policy apply to?
1.1.4.3 Personal Information That We Collect
1.1.4.4 How We Use and Share Your Information
1.1.4.4.1 Cross-border Transfers of Personal Information
1.1.4.4.2 Security of Your Information
1.1.4.4.3 Data Integrity and Retention
1.1.4.5 Access to Your Information and Choices
1.1.4.6 Your rights in relation to Personal Information
1.1.4.7 Changes to Our Privacy Policy
1.1.4.7.1 Questions and How Contact Us
1.2 Scope; Third Party Sites.
This Privacy Policy applies only to Personal Information (including Special Personal Information) we collect at and through the Site. Our Site contains links to third party sites that are not owned or controlled by Direct Health. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage you to be aware when you leave our Site and to read the privacy statements of each and every website that collects personal information.
1.3 Terms of Use.
Please note that your use of our Site is also subject to our South Africa Patient Terms of Use.
2. What is Personal Information?
2.1 For the purpose of this Policy, “Personal Information” means information relating to an identifiable, living, natural person and, where applicable, an identifiable existing juristic person, including but not limited to –
2.1.1 Information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
2.1.2 information relating to the education or the medical, financial, criminal or employment history of the person;
2.1.3 any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
2.1.4 the personal opinions, views or preferences of the person;
2.1.5 correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
2.1.6 the views or opinions of another individual about the person; and
2.1.7 the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.
2.2. For the purpose of this Policy, reference to Personal Information throughout this Policy includes Special Personal Information. “Special Personal Information” means:
2.2.1 religious or philosophical beliefs;
2.2.2 race or ethnic origin;
2.2.3 trade union membership;
2.2.4 political persuasion;
2.2.5 health or sex life;
2.2.6 biometric information;
2.2.7 criminal behaviour to the extent that such information relates to the alleged commission by a data subject of an offence or any proceedings in respect of any offence allegedly committed by a data subject or the disposal of such proceedings.
3. What Processing Activities Does This Policy Apply To?
3.1 For the purpose of this Policy, “Processing” means any operation or activity or set of operations concerning Personal Information, including but not limited to, the collection, receipt, recording, organisation, collation, storage, updating, modification, retrieval, retention, alteration, use, disclosure, access, transfer, distribution, linking, merging, degradation, erasure or destruction.
3.2 This Policy will only apply to the Processing of Personal Information entered in a record by or for any entity in the Direct Health Group by making use of automated or non-automated means. Personal Information processed by non-automated means will form part of this Policy if the records so created form part of a filing system or are intended to form part thereof.
3.3 For the purpose of this Policy, a “record” means any writing on any material. It also includes information produced, recorded or stored by means of a tape-recorder, computer equipment or other device, as well as any label, marking, map, book, plan, graph, drawing, or photograph, film, negative, tape or other device in which one or more visual images are embodied.
3.4 For the purpose of this Policy, “automated means” means any equipment capable of operating automatically in response to instructions given for the purpose of processing information.
3.5 For the purpose of this Policy, a “data subject” means the person to whom Personal Information relates.
4. Personal Information We Collect
4.1 Personal Information You Provide to Us
We collect Personal Information you provide to us, for example when you register, create or modify your account via our Mobile applications, purchase products or services from us, request information from us, contact customer support, or otherwise communicate with us. This information may include:
4.1.1 Name
4.1.2 Address
4.1.3 Billing address
4.1.4 Email address
4.1.5 Telephone number
4.1.6 Date of birth
4.1.7 Medical practice numbers and registration details (for purposes of verifying you are a registered health professional with the relevant registered databases)
4.1.8 Photos, files, videos, chat messages and other communications between physicians and patients (but does not include the content of such communications)
4.1.9 patient lists which you provide us with (containing basic contact details of patients which you have obtained the specific consent to send marketing communications to)
4.1.10 information that we may ask you for if you enter any competition or promotion featured on our Site or if you report a problem with our Site and/or our Services;
4.1.11 if you contact us, we may keep a record of that correspondence;
4.1.12 we may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them;
4.1.13 details of transactions you carry out through our Site and of the fulfilment of any contract you enter into with us; and
4.1.14 details of your visits to our Site(including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise) and the resources that you access.
4.2 We may also collect information (which may include Personal Information) that our users provide, such as new or deleted postings, new or deleted comments, keyword searches, and scam reports.
4.2.1 The supply of your Personal Information is voluntary, however you acknowledge that we cannot make certain Services available to you on the Site if you do not wish to supply such Personal Information.
4.2.2 We use a third-party credit card processing company for purchases, and other third party companies to monitor website traffic, which may, in some instances, store your information, including the Personal Information you submit to such third parties.
4.2.3 By continuing to use this Site or the Service, you consent to processing, collection, storage, and use of the Personal Information you provide for any of the Services that we offer and for the purposes set out in this Privacy Policy, and you consent to our collection of any changes or updates that you may provide to any information you provide that is collected by us. If you do not agree to the Privacy Policy, please do not use the Site.
4.2.4 Where you provide us with Personal Information relating to a third party data subject (for example, your patients), you warrant that you have obtained all necessary consents from such data subject, including the data subject’s consent for you to share such Personal Information with us to process on your behalf.
4.3 Personal Information We Collect Through Your Use of our Site
4.3.1 Google Analytics
We use Google Analytics, a web analytics service provided by Google, Inc. (“Google“) to collect certain information relating to your use of the Site. Google Analytics uses “cookies”, which are text files placed on your computer, to help the Site analyse how users use the site. You can find out more about how Google uses data when you visit our Site by visiting “How Google uses data when you use our partners’ sites or apps”, (located at www.google.com/policies/privacy/partners/).
4.3.2. Information Collected Through Cookies and Similar Technologies
We and our service providers use cookies, web beacons, and other technologies to receive and store certain types of information whenever you interact with our Site through your computer or mobile device. A cookie is a small file containing a string of characters that is sent to your computer when you visit a website. When you visit the Site again, the cookie allows the Site to recognize your browser. Cookies may store unique identifiers, user preferences and other information. You can reset your browser to refuse all cookies or to indicate when a cookie is being sent. However, some Site features or services may not function properly without cookies. We use cookies to improve the quality of our service, including for storing user preferences, tracking user trends and providing relevant advertising to you.
4.3.3 No Information from Children Under Age 13
If you are under the age of 13, please do not attempt to register with our services (e.g. Site or Mobile Applications) or provide any Personal Information about yourself to us. If we learn that we have collected Personal Information from a child under the age of 13, we will promptly delete that information. If you believe we have collected Personal Information from a child under the age of 13, please Contact Us.
5. How We Use and Share Your Personal Information
5.1 Direct Health may Process Personal Information in order to carry out and manage the Site, to comply with its legal obligations and to pursue its legitimate business interests.
5.2 Some examples of what Direct Health may Process Personal Information include but are not limited to the following:
5.3 To Provide Products, Services, and Information.
We collect Personal Information from you in order to:
5.3.1 provide products and services that you purchase using the Site;
5.3.2 to ensure that content from our Site is presented in the most effective manner for you and for your computer or mobile device;
5.3.3 in aggregate form, for internal business purposes such as generating statistics and developing our strategic and marketing plans;
5.3.4 register and service and manage your online account and provide customer service;
5.3.5 provide information that you request from us; contact you;
5.3.6 make our product available to you.
5.3.7 to allow you to participate in interactive features of our Services, when you choose to do so;
5.3.8 to carry out any contracts that may form between us;
5.3.9 keep logs of video calls, voice calls and text messages for audit purposes (but the content of such messages will be encrypted and not accessible by us)
5.3.10 to respond to any queries you make; and
5.3.11 to notify you about changes to our Service;
5.3.12 to notify you of amounts payable for security, administrative or legal purposes, for helping us in any future dealings with you;
5.3.13 to send you promotional materials or advertisements about our products and services, as well as new features and offerings; administer surveys and provide interest-based targeted advertising to you where you have consented to be contacted for such purposes.
5.4 Sharing with Third Parties.
We may provide information, as defined in Section 4 above, to third party service providers that help us operate and manage our Site, process orders, and fulfil and deliver products and services that you purchase from us. These service providers will have access to your Personal Information in order to provide these services, but when this occurs we will ensure that there are written contracts in place with these services providers in terms of which they undertake to implement appropriate and reasonable administrative, technical and physical security measures to protect the confidentiality and security of the Personal Information.
5.5 We may use how you browse and shop in order to show you ads for Direct Health or our advertising partners that are more relevant to your interests. We may use cookies and other information to provide relevant interest-based advertising to you. Interest-based ads are ads presented to you based on your browsing behaviour in order to provide you with ads more tailored to your interests. These interest-based ads may be presented to you while you are browsing our site or third-party sites not owned by Direct Health.
5.6 We belong to ad networks that may use your browsing history across participating websites to show you interest-based advertisements on those websites. Currently, our Site does not recognize if your browser sends a “do not track” signal or similar mechanism to indicate you do not wish to be tracked or receive interest-based ads. To learn more about interest-based advertisements and your opt-out rights and options, visit the Digital Advertising Alliance and the Network Advertising Initiative websites (www.aboutads.info and www.networkadvertising.org). Please note that if you choose to opt out, you will continue to see ads on our Site, but they will not be based on how you browse and shop.
5.7 Legal Proceedings.
We may share personal information with third party companies, organizations or individuals outside of Direct Health if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
5.8 Meet any applicable law, regulation, subpoena, legal process or enforceable governmental request;
5.9 Enforce applicable Terms of Use, including investigation of potential violations;
5.10 Detect, prevent, or otherwise address fraud, security or technical issues;
5.11 Protect against harm to the rights, property or safety of Direct Health, our users, customers or the public as required or permitted by law including responding to claims that any content violates the rights of third-parties;.
5.12 Transfer in the Event of Sale or Change of Control.
If the ownership of all or substantially all of our business changes or we otherwise transfer assets relating to our business or the Site to a third party, such as by merger, acquisition, bankruptcy proceeding or otherwise, we may transfer or sell your Personal Information to the new owner. In such a case, subject to the applicable laws, your information would remain subject to the promises made in the applicable privacy policy unless you agree differently.
6. Cross-Border Transfers of Personal Information
You understand that due to the global nature of the Direct Health Group’s operations, an entity in the Direct Health Group may disclose and/or transfer Personal Information to other entities within the Direct Health Group, which are based in various locations around the world. You hereby agree that your Personal Information may be transferred to, processed and accessed at a destination outside South Africa.
7. Security of Your Information
We use industry standard physical, technical and administrative security measures and safeguards to protect the confidentiality and security of your personal information. We shall endeavour to ensure the security and confidentiality of your Personal Information as far as reasonably possible against anticipated threats or hazards to the security or integrity of the Personal Information and protect as far as reasonably possible against unauthorised access to or use of such Personal Information that could result in substantial harm. However, since the Internet is not a 100% secure environment, we cannot guarantee, ensure, or warrant the security of any information you transmit to us. There is no guarantee that information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. It is your responsibility to protect the security of your login information. We will not be liable for security breach arising out of you sharing your password and login details. Please note that e-mails and other communications you send to us through our “Contact Us” form are not encrypted, and we strongly advise you not to communicate any confidential information through these means.
We may, from time to time, transfer, store or host your Personal Information on servers outside of South Africa. We will at all times ensure that appropriate security safeguards are in place to secure and protect such personal information held in another country or that the service provider acts at all times in compliance with applicable privacy laws. Where required under applicable laws we will take measures to ensure that Personal Information handled in other countries will receive at least the same level of protection as it is given in this Privacy Policy.
8. Data Integrity and Retention
8.1 Direct Health will take reasonable steps to ensure that the Personal Information processed is reliable for its intended use and is accurate, up to date and complete for carrying out the purpose for which it was collected and is retained by Direct Health.
8.2 Direct Health will only retain Personal Information for as long as is reasonably necessary to achieve the purpose for which the Personal Information was initially collected, unless a longer retention period is (i) required or permitted by law or (ii) reasonably required by Direct Health for lawful purposes related to its functions or activities or (iii) required by a contract between the parties thereto or (iv) the data subject has consented thereto.
8.3 In circumstances where Direct Health is no longer authorized or permitted to retain the Personal Information, such Personal Information will be destroyed or de-identified in a manner that reasonably prevents misappropriation, reconstruction or unauthorized use.
9. Access to Your Personal Information and Choices
9.1 You can access and update certain information we have relating to your account through the profile settings on the Direct Health app. If you have questions about Personal Information we have about you or need to update your Personal Information, you can Contact Us, and chat with our support team through our Support page. You can opt-out of receiving marketing and promotional e-mails from Direct Health by using the opt-out or unsubscribe feature contained in the e-mails.
9.2 You can close your online account by going to the Privacy tab in the Direct Health app. If you close your account, we will no longer use your online account information or share it with third parties. We may, however, retain a copy of the information for archival purposes, and to avoid identity theft or fraud subject to the applicable laws regarding retention of Personal Information.
10. Your Rights in Relation to Personal Information
You have the following rights in relation to your Personal Information:
10.1 to be notified that Personal Information about you is being collected unless (i) you have consented to non-compliance; (ii) non-compliance would not prejudice your legitimate interests; (iii) compliance would prejudice a lawful purpose of the collection or is not reasonably practicable in the circumstances; or (iv) non-compliance is otherwise permitted in terms of any applicable law;
10.2 to be notified that Personal Information about you has been accessed or acquired by an unauthorised person;
10.3 to establish whether Direct Health holds Personal Information about you and request access to such information by submitting the prescribed form to Direct Health. A request to access Personal Information may be refused on any grounds permissible in law;
10.4 to request the correction, destruction or deletion of your Personal Information. Direct Health shall consider your request but is not obliged to comply with such request. In the event that Direct Health does not comply with the request, and if you so request, Direct Health will take such steps that are reasonable in the circumstances to attach to your Personal Information an indication that a correction of the information was requested but has not been made;
10.5 subject to any applicable law, to object, on reasonable grounds relating to your particular situation and in the legally prescribed manner, to the Processing of your Personal Information;
10.6 to object to Direct Health Processing your Personal Information for the purpose of direct marketing by unsolicited electronic communications;
10.7 not to be subject to a decision based solely on automated processing;
10.8 to submit a complaint to the relevant regulatory body or institute civil proceedings.
11. Changes to Our Privacy Policy
Our Privacy Policy may change from time to time. We will not reduce your rights under this Privacy Policy without your consent in accordance with applicable law. We will post any privacy policy changes on this page and, if the changes are significant, we will provide a more prominent notice (including, for certain services, email notification of privacy policy changes). We will also keep prior versions of this Privacy Policy in an archive for your review.
12. Questions and How to Contact Us
12.1 If you have any questions, concerns, complaints or suggestions regarding our Privacy Policy or otherwise need to contact us, please Contact Us or contact us by mail at the following address:
Direct Health Africa (Proprietary) Limited
Privacy Officer;
4th Floor South, Mariendahl House, Cnr of Campground and Main Roads, Newlands on Main, Newlands, 7700
12.2 If this Privacy Policy or any provision in this Privacy Policy is regulated by or subject to the Protection of Personal Information Act (“POPI“) or other data protection legislation it is not intended that any provision of this Privacy Policy contravenes any provision of POPI or other data protection legislation. Therefore, all provisions of this Privacy Policy must be treated as being qualified, to the extent necessary, to ensure that the provisions of POPI or other data protection legislation are complied with.
