Privacy Policy

Privacy Policy

 1. Introduction

This Privacy Policy tells you how we will process and protect your Personal Information (as defined hereunder) and should be read together with our Terms of Use.

Health Window (“Health Window”, “we”, “us” or “our”) collects and processes the Personal Information of anyone who accesses our website and/or chooses to become our customer (“you” or “your”). By providing us with your Personal Information, you: 1) agree to this Policy and authorise us to process such information as set out herein; and 2) authorise us, our Service Providers and other third parties to Process your Personal Information for the purposes stated in this Policy.

Personal Information, in terms of the Protection of Personal Information Act 4 of 2013 (“POPIA”), means: – information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person. The Constitution of the Republic of South Africa 1996 (“Constitution”) provides that everyone has the right to privacy. This includes the right to protection against the unlawful collection, retention, dissemination, and use of your Personal Information.

Because of the sensitivity of some Personal Information, we take all reasonable measures to ensure that the way in which we process your Personal Information complies fully with POPIA and have implemented reasonable organisational and technical controls as a result.

Our Privacy Policy terms may change from time to time without notice to you. All changes to this Privacy Policy will be available on our website. Please ensure that you visit our website and regularly read this Privacy Policy.

 2. Collection of Personal Information

We may collect or obtain Personal Information about you through direct or active interactions with you; during our relationship with you; through automated or passive interactions with you; when you interact with our website, and from third parties and public sources. Website usage information may be collected using “cookies” which allows us to collect standard internet visitor usage information.

Types of Personal Information that we may collect include identity information; contact information; transaction information; medical aid information; technical information; usage Information; location information; and marketing and communications information.

 3. Legal Basis for Processing

When we process your Personal Information for the purposes set out herein, we may rely on one or more of the following legal bases, depending on the purpose for which the processing activity is undertaken and the nature of our relationship with you: your consent to the processing of your Personal Information; processing of the information is necessary for the performance of a contract or of a legal obligation; and processing is necessary for the protection of our and your legitimate interests.

 4. Purposes of Processing

We will primarily use your Personal Information for the purpose for which it was originally collected. We will use your Personal Information for a secondary purpose if such purpose constitutes a legitimate interest and is compatible with the primary purpose for which the Personal Information was collected.

You agree that we may process your Personal Information for, but not limited to, the following: operating our business; complying with compulsory requirements under relevant laws; to retain and make information available to you on our website; to establish and verify your identity on the website; fraud prevention; complying with information requests from the information regulator; to conduct market research surveys and other marketing activities;  for security, administrative and legal purposes; to manage risks; and to improve customer/client experience.

We may also collect and process aggregated data, which may include historical or statistical data for any purpose, including for know-how and research purposes. For such purpose, your Personal Information will be used in a deidentified basis only.

 5. Sharing of Personal Information

For us to carry out our obligations and for legitimate business purposes, we may need to pass your Personal Information to third parties, such as our service providers. This Privacy Policy records your consent to us passing your Personal Information onto those third parties.

We will ensure that your Personal Information is processed in a lawful manner and that we and the third parties do not infringe your privacy rights. In the event that we outsource the processing of your Personal Information to a third party operator, we will ensure that the operator processes and protects your Personal Information using reasonable technical and organisational measures which standards are on the same level as ours.

We may also disclose your Personal Information to third parties if we are under a duty to disclose or share such information to comply with any legal obligation or to protect the rights, property or safety of the Pharmacy, its customers/clients, and others.

 6. International Transfer of Personal Information

We will not ordinarily transfer any Personal Information collected from you outside the borders of the Republic of South Africa. In the event that we transfer or store your Personal Information outside the Republic of South Africa, we will take all steps reasonably necessary to ensure that the third party who receives your Personal Information is subject to a law or binding agreement which provides an adequate level of protection.

 7. Data Security

We have implemented appropriate technical and organisational security measures to protect your Personal Information that is in our possession against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, and in accordance with applicable law.

 8. Data Retention

We will retain your Personal Information for as long as is necessary to fulfil the purpose for which it was collected unless a longer retention period is required to comply with legal obligations or another legitimate obligation, unless we have your consent to process it indefinitely.

 9. Data Accuracy

The Personal Information provided to us should be accurate, complete and up to date. Should your Personal Information change, the onus is on the provider of such data (you) to notify us of the change(s) and provide us with up to date and accurate data.

 10. Data Minimisation

We will restrict the processing of Personal Information to data which is sufficient for the fulfilment of the primary and applicable legitimate purpose for which it was collected.

 11. Your Rights under this Privacy Policy

You have the right to have your Personal Information processed lawfully. This includes the right to be notified that your Personal Information is being collected or that your Personal Information has been accessed or acquired by an unauthorised person (e.g., where a hacker may have compromised the computer system on which your Personal Information is being stored); to find out whether we hold your Personal Information and to request access to your Personal Information; to request us, where necessary, to correct, destroy or delete your Personal Information; to object, on reasonable grounds, to the processing of your Personal Information; to object to the processing of your Personal Information for purposes of direct marketing, including by way of unsolicited communications; not to be subject, in certain circumstances, to a decision which is based solely on the automated processing of your Personal Information; to submit a complaint to the Regulator if you believe that there has been interference with the protection of your Personal Information; and to institute civil proceedings against us if you believe that we have interfered with the protection of your Personal Information.

 12. Direct Marketing

We may process Personal Information for the purpose of direct marketing and providing you with information that may be of interest to you. We will send you direct marketing materials only if you have specifically opted-in to receive these materials, or if you are a customer/client of ours. This will at all times be done in accordance with applicable laws. You may unsubscribe at any time. If you opt-out of receiving marketing related communications from us, we may still send you administrative messages which is necessary as part of our services.

 13. Amending and Accessing Your Personal Information

Refer to our PAIA Manual for more information about accessing and/or amending your Personal Information.

 14. Contact Details of the Information Regulator and Queries

You may contact our Information Officer at: 

Information Officer: Casper Jan Hendrik Schutte

Physical Address: First Floor, Building B, The Woods, 41 De Havilland Crescent, Persequor Techno Park, Persequor, Pretoria, 0020

Tel: +27 12 844 9000

Email: /

You may contact the Information Regulator at:

Information Regulator:

Tel: 012 406 4818

Fax: 086 500 3351