Privacy Policy
1. Introduction
This privacy policy is to provide information to you, our patient, on how your personal information (which includes your health information) is collected and used within our practice, and the circumstances in which we may share it with third parties.
2. Why and When Consent is necessary.
When you register as a patient of our practice, you provide consent for our GPs and practice staff to access and use your personal information so they can provide you with the best possible healthcare. Only staff who need to see your personal information will have access to it. If we need to use your information for anything else, we will seek additional consent from you to do this.
3. Why We Collect Your Data
We collect your information to enable us to provide you with health care services. Our main purpose for collecting, using, holding and sharing your personal information is to manage your health. Our staff will check your details with you to ensure they are up-to-date and correct.
4. What Data Do We Collect?
We collect Personal Data and Special Categories of Data that include but not limited to:
- Names, date of birth, addresses, contact details, gender, registration number.
- Medical information including medical history, medications, allergies, adverse events, immunizations, social history, family history, risk factors and other relevant details.
- Healthcare identifiers and health fund details.
5. When, Why and with Whom we Share Your Data
We share your personal information:
- With third parties who work with our practice for business purposes, such as pharmacies, labs or information technology providers.
- With SMS or an Interactive Voice Phone call to obtain feedback on your experience in using Trust services.
- When it is required or authorised by law.
- When it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent.
- Only people who need to access your information will be able to do so. Other than while providing medical services or as otherwise described in this policy, our practice will not share personal information with any third party without your consent. We will not share your personal information with anyone outside of the Republic of South Africa.
6. How Long We retain Your Data
We will retain your Personal Data for six years as per South African regulations.
7. Where We Hold Your Data
At all times we will endeavor to hold your Data on servers within the Republic of South Africa.
8. Your Acknowledgment of this Notice and Your Rights
Under General Data Protection Regulation, you have rights, and these are listed below.
- Rights to Be informed.
The General Data Protection Regulation sets out the information we must provide to you about your Data. All the information we are required to give you is contained within this Privacy Policy. If you do not understand any part of this, you should contact us immediately and we will be happy to explain it to you.
- Right of Access
You have the right to access and obtain a copy of your Personal Data, and any supplementary information that we hold about you to enable you to verify the lawfulness of the processing carried out. This will be provided free of charge, unless your request is unfounded, excessive or repetitive, and the information will be sent to you within 30 days of your request being received.
- Right to Rectification
You have the right to request that we correct any inaccuracies in the Personal Data we hold about you. This will be corrected within one month.
- Right to erasure
- You have the right to request that we erase your Personal Data. For example, you may exercise this right in the following circumstances:
- Your Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed by us.
- You withdraw consent and no other legal ground permits the processing.
- You object to the processing and there are no overriding legitimate interests for the processing.
- Your Personal Data was unlawfully processed; or
- Your Personal Data must be erased for compliance with a legal obligation.
- We refuse the right to delete your information when it falls within our data retention period stated above (6 years) as per South African local
regulations
- Right to restrict processing
- You have the right to restrict our processing of your Personal Data where any of the following circumstances apply, although we will still be allowed to store it:
- Where you feel that the Personal Data which we hold about you are not accurate. Processing will be restricted until you verify the accuracy of the information.
- Where the processing is unlawful, and you do not want your Personal Data to be erased and request the restriction of its use instead.
- Where we no longer need to process your Personal Data, but the data may be required to establish, exercise or defend a legal claim.
- Where you have objected to our processing of your Personal Data pending the verification of whether our legitimate business interests override your interests, rights and freedoms.
- Where you exercise your right to restrict our processing of your Personal Data, we will only continue to process it in accordance with the requirements of this policy or our legal obligations.
- Right to Data Portability
- You have a right to receive and transfer the Personal Data that we hold about you. This applies to: –
- Personal data you have provided to us.
- Where the data was processed by you giving us your individual consent or for the performance of a contract.
- And where processing was carried out by automated means.
- Where you make such a request, this will be provided in a structured, commonly used, machine readable format such as a CSV file. This will be completed within one month of us receiving your request.
- Right to object to processing
- In certain circumstances, you have a right to object to our processing of your Personal Data:
- Where we have processed it as a legitimate interest (including profiling)
- Direct Marketing (including profiling)
- Processing for scientific / historical research and statistics
- We will still be able to process your Personal Data where
- We can demonstrate compelling legitimate grounds for us to process your Personal Data which override your interests, rights and freedoms
- The processing is for establishment, exercise and defense of legal claims.
- Right to object to automated decision-making including profiling
- You have a right not to be subjected to decisions being made solely by automated means without any human involvement. We will still be able to carry out this type of decision-making where: –
- It is necessary to enter or for the performance of a contract (such as a contract of insurance) which is the main reason we would use this type of decision-making; or
- You have given your explicit consent for us to do so.
- We will only process data in the way you would expect it to be used, and you will be entitled to have a person from our firm to review the decision so that you can query it and set out your point of view and circumstances to us.
- Right to Withdraw Consent
Where the legal basis of Consent has been used for collecting the data, you have the right to withdraw that consent at any time. Where you exercise your right to withdraw consent, any data processed prior to the withdrawal of consent will remain valid.
- If you would like to exercise any of your rights above, please contact our service department , service@trumd.co.za .