Health Window (“Health Window”, “we”, “us” or “our”) collects and processes the Personal Information of anyone who accesses our website and/or chooses to become our customer (“you” or “your”). By providing us with your Personal Information, you: 1) agree to this Policy and authorise us to process such information as set out herein; and 2) authorise us, our Service Providers and other third parties to Process your Personal Information for the purposes stated in this Policy.
Personal Information, in terms of the Protection of Personal Information Act 4 of 2013 (“POPIA”), means: – information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person. The Constitution of the Republic of South Africa 1996 (“Constitution”) provides that everyone has the right to privacy. This includes the right to protection against the unlawful collection, retention, dissemination, and use of your Personal Information.
Because of the sensitivity of some Personal Information, we take all reasonable measures to ensure that the way in which we process your Personal Information complies fully with POPIA and have implemented reasonable organisational and technical controls as a result.
- Collection of Personal Information
We may collect or obtain Personal Information about you through direct or active interactions with you; during our relationship with you; through automated or passive interactions with you; when you interact with our website, and from third parties and public sources. Website usage information may be collected using “cookies” which allows us to collect standard internet visitor usage information.
Types of Personal Information that we may collect include identity information; contact information; transaction information; medical aid information; technical information; usage Information; location information; and marketing and communications information.
- Legal Basis for Processing
When we process your Personal Information for the purposes set out herein, we may rely on one or more of the following legal bases, depending on the purpose for which the processing activity is undertaken and the nature of our relationship with you: your consent to the processing of your Personal Information; processing of the information is necessary for the performance of a contract or of a legal obligation; and processing is necessary for the protection of our and your legitimate interests.
- Purposes of Processing
We will primarily use your Personal Information for the purpose for which it was originally collected. We will use your Personal Information for a secondary purpose if such purpose constitutes a legitimate interest and is compatible with the primary purpose for which the Personal Information was collected.
You agree that we may process your Personal Information for, but not limited to, the following: operating our business; complying with compulsory requirements under relevant laws; to retain and make information available to you on our website; to establish and verify your identity on the website; fraud prevention; complying with information requests from the information regulator; to conduct market research surveys and other marketing activities; for security, administrative and legal purposes; to manage risks; and to improve customer/client experience.
We may also collect and process aggregated data, which may include historical or statistical data for any purpose, including for know-how and research purposes. For such purpose, your Personal Information will be used in a deidentified basis only.
- Sharing of Personal Information
We will ensure that your Personal Information is processed in a lawful manner and that we and the third parties do not infringe your privacy rights. In the event that we outsource the processing of your Personal Information to a third party operator, we will ensure that the operator processes and protects your Personal Information using reasonable technical and organisational measures which standards are on the same level as ours.
We may also disclose your Personal Information to third parties if we are under a duty to disclose or share such information to comply with any legal obligation or to protect the rights, property or safety of the Pharmacy, its customers/clients, and others.
- International Transfer of Personal Information
We will not ordinarily transfer any Personal Information collected from you outside the borders of the Republic of South Africa. In the event that we transfer or store your Personal Information outside the Republic of South Africa, we will take all steps reasonably necessary to ensure that the third party who receives your Personal Information is subject to a law or binding agreement which provides an adequate level of protection.
- Data Security
We have implemented appropriate technical and organisational security measures to protect your Personal Information that is in our possession against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, and in accordance with applicable law.
- Data Retention
We will retain your Personal Information for as long as is necessary to fulfil the purpose for which it was collected unless a longer retention period is required to comply with legal obligations or another legitimate obligation, unless we have your consent to process it indefinitely.
- Data Accuracy
The Personal Information provided to us should be accurate, complete and up to date. Should your Personal Information change, the onus is on the provider of such data (you) to notify us of the change(s) and provide us with up to date and accurate data.
- Data Minimisation
We will restrict the processing of Personal Information to data which is sufficient for the fulfilment of the primary and applicable legitimate purpose for which it was collected.
You have the right to have your Personal Information processed lawfully. This includes the right to be notified that your Personal Information is being collected or that your Personal Information has been accessed or acquired by an unauthorised person (e.g., where a hacker may have compromised the computer system on which your Personal Information is being stored); to find out whether we hold your Personal Information and to request access to your Personal Information; to request us, where necessary, to correct, destroy or delete your Personal Information; to object, on reasonable grounds, to the processing of your Personal Information; to object to the processing of your Personal Information for purposes of direct marketing, including by way of unsolicited communications; not to be subject, in certain circumstances, to a decision which is based solely on the automated processing of your Personal Information; to submit a complaint to the Regulator if you believe that there has been interference with the protection of your Personal Information; and to institute civil proceedings against us if you believe that we have interfered with the protection of your Personal Information.
- Direct Marketing
We may process Personal Information for the purpose of direct marketing and providing you with information that may be of interest to you. We will send you direct marketing materials only if you have specifically opted-in to receive these materials, or if you are a customer/client of ours. This will at all times be done in accordance with applicable laws. You may unsubscribe at any time. If you opt-out of receiving marketing related communications from us, we may still send you administrative messages which is necessary as part of our services.
- Contact Details of the Information Regulator and Queries
You may contact our Information Officer at:
You may contact the Information Regulator at:
Tel: 012 406 4818
Fax: 086 500 3351