1. INTRODUCTION
1.1 As we respect the privacy of all individuals who visits our website, social media accounts and/or our premises, we would like to inform you the way we obtain, disclose and utilize your personal information in order to conform with the purpose and aims of the Protection of Personal Information Act 4 of 2013.
1.2 We recommend you peruse this Privacy Policy and Consent carefully. By submitting your personal information to us, you will be treated as having given your permission, where necessary and appropriate, for disclosures referred to in this policy.
1.3 The company is committed to protect your privacy and to ensure that the organization, its staff and any other individual comply with legislation, is protected in case of a breach in terms of its responsibilities; and follows good practices.
1.4 The company undertakes to be open and transparent; act in terms of the prescribed legislation and good practices; ensure that its staff is properly trained in order to handle personal information in a consistent and confidential manner; and respect the rights of individuals.
2. DEFINITIONS
2.1 “Biometrics” means a technique of personal identification that is based on physical, physiological or behavioural characterisation including blood typing, fingerprinting, DNA analysis, retinal scanning and voice recognition.
2.2 “The Company” means Harmony Addiction & Psychiatric Care and includes its affiliated, holding and subsidiary companies.
2.3 “The client” means a person or organization utilizing the service/s of the company, a client, supplier, debtor and/or creditor.
2.4 “Confidential information” includes, but is not limited to:
2.4.1 Name and surname of client
2.4.2 Identification Number
2.4.3 Physical address
2.4.4 Postal Address
2.4.5 Business entity’s name
2.4.6 Business entity’s registration number
2.4.7 Business entity’s CK documentation
2.4.8 Telephone numbers
2.4.9 Email address
2.4.10 Banking Details
2.4.11 VAT number
2.4.12 Any arrangements between the client and the entity and others with whom they have business arrangements of whatsoever nature, all of which the client and the entity regards as secret and confidential.
2.5 “Direct marketing” means to approach a data subject, either in person or by mail or electronic communication, for the direct or indirect purpose of: 2.5.1 Promoting or offering to supply, in the ordinary course of business, any goods or services to the data subject; or
2.5.2 Requesting the data subject to make a donation, of any kind, for any reason whatsoever.
2.6 “Person” means a natural person or a juristic person.
2.7 “Personal information” means personal information, as defined in the Protection of Personal Information Act, and include but is not limited to: 2.7.1 Information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person.
2.7.2 Information relating to the education or the medical, financial, criminal or employment history of the person.
2.7.3 Any identifying number, symbol, email address, physical address, telephone number, location information, online identifier or other particular assignment to the person.
2.7.4 The blood type or any other biometric information of the person.
2.7.5 The personal opinions, views or preference of the person.
2.7.6 Correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence.
2.7.7 The views or opinions of another individual about the person.
2.7.8 The name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.
2.8 “POPI Act” means the Protection of Personal information Act adopted by the Republic of South Africa and as amended from time to time.
2.8.1 The collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use.
2.8.2 Dissemination by means of transmission, distribution or making available in any other form.
2.8.3 Merging, linking, as well as blocking, degradation, erasure or destruction of information.
2.9 “Processing” means any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including:
2.10 “Record” means any recorded information:
2.10.1 regardless of form or medium, including any of the following:
2.10.1.1 Writing on any material;
2.10.1.2 Information produced, recorded or stored by means of any tape recorder, computer equipment, whether hardware or software or both, or other device, and any material subsequently derived from information so produced, recorded or stored;
2.10.1.3 Label, marking or other writing that identifies or describes anything of which it forms part, or to which it is attached by any means;
2.10.1.4 Book, map, plan, graph or drawing;
2.10.1.5 Photograph, film, negative, tape or other device in which one or more visual images are embodied so as to be capable, with or without the aid of some other equipment, of being reproduced;
2.10.2 In the possession or under the control of a responsible party;
2.10.3 Whether or not it was created by a responsible party; and pg. 5
2.10.4 Regardless of when it came into existence.
2.11 “Special personal information” refers to biometric information, health, sex life, political affiliation, ethnic origin, trade union membership, race, religious and philosophical beliefs, and individuals under the age of eighteen (18). It further includes criminal behaviour such as alleged offences and/or the proceedings dealing with such offences.
3. POLICY STATEMENT AND SCOPE
3.1 Please note that the following information refers to physical visits to any of the company’s premises as well as our websites and/or any social media accounts.
3.2 Our company, its subsidiaries and affiliates, respect all privacy related matters and acknowledges that all information received from you should be safeguarded in a proper and prescribed manner.
3.3 The above statement refers to all data provided by you, as well as all data collected through our websites and/or social media accounts. The data obtained will be used to mainly contact you for the purposes of understanding your requirements, to provide medical- and therapeutic treatment, to provide you with any further relevant information, service delivering, to provide you with a more personalized experience, analyse the effectiveness of the company’s advertisements, competitions and promotions. The information as provided by you, may further be used for marketing purposes, if not specifically indicated otherwise.
3.4 The company will comply with all the relevant data privacy legislation’s and will treat all personal information in accordance.
4. COLLECTION, PROCESSING, STORING AND DISCLOSURE OF INFORMATION
4.1 COLLECTION OF PERSONAL INFORMATION
4.1.1 The company may from time to time collect personal information from users for statistical purposes to improve the services the company renders. The users consent to process and/or collect personal information is automatically given when the user completes surveys, sign-in pg. 6
4.2.1 The company will take all reasonable steps to comply with all the conditions for lawful processing. 4.2.2 The company will collect personal information to contact the user for the purposes of understanding the user’s requirements, to provide the user with any further relevant information, to provide medical- and therapeutic treatment, service delivering and to provide a more personalized experience. The information as provided by the user, may further be used for marketing purposes, if not specifically indicated otherwise.
registers, completes online questions, and/or comments on the company’s social media accounts. The company’s web servers may in addition to this, when the user visits the company’s website and social media accounts, collect standard information based on the users search history, and further take no responsibility for the privacy practices of other sites and/or organizations which are linked to our sites and facilities.
4.1.2 Personal information, such as the user’s name, surname, name of the user’s organization, email address, and contact number, which the user provides the company with, will be used to mainly contact the user for the purposes of understanding his/her requirements, to provide the user with any further relevant information, service delivering, to provide the user with a more personalized experience, analyse the effectiveness of the company’s advertisements, competitions and promotions.
4.1.3 This information will be stored as prescribed by legislation and will be kept for a period deemed fit by the company to fulfil our legal obligations such as the prevention of fraud and/or money laundering. Please note that the IP-address used will also be kept for security purposes.
4.1.4 This policy statement includes the processing and safeguarding of information in any and all countries in which the company operates or has facilities in, in accordance with the relevant laws and regulations.
4.1.5 The company will not process special personal information unless it has obtained specific authorization to this effect.
4.2 PROCESSING OF INFORMATION pg. 7
4.2.3 The company will endeavour to process personal information in a fair, lawful and transparent manner and only with the consent of the data subject.
4.2.4 The company will ensure that all collected information is complete, accurate, not misleading and updated on a regular basis. 4.3.1.1 Data will be stored in as few as possible facilities.
4.3 STORAGE OF DATA
4.3.1 The company will ensure that measures are in place, by reviewing on a regular basis, its procedures to maintain an accurate data base and record of personal information. It will in particular: pg. 8
4.3.1.2 Systems will be updated, as information about individuals change.
4.3.1.3 Staff responsible for dealing with personal data will receive the necessary training and guidance.
4.3.1.4 Electronic records will be stored in a secure manner.
4.3.1.5 Hard copies will be kept safe in a secure location, which will only be accessible by authorized personnel. Storage will be secured and audited regularly to ensure the safety and the security of the information.
4.4 DISCLOSURE OF INFORMATION
4.4.1 The company may disclose a user’s personal information to our service providers (operator’s) who are involved in the delivery of products and/or services to an user. The company has agreements in place to ensure that operators comply with the privacy requirements, as required by the Protection of Personal Information Act.
4.4.2 The company may further disclose your information where we have a duty or a right to disclose same, in terms of law or industry codes; and/or where we believe it is necessary to protect our rights.
5. SECURITY MEASURES 5.4 If a user has reason to believe that his/her interaction with the company is no longer secure, please immediately notify the Information Officer of the company of the said problem.
5.1 The company complies with the security measures for the storing of data and personal information as prescribed by legislation. However, when data or personal information is transmitted over the internet the secure safeguarding of such information can unfortunately not be guaranteed and the company therefore cannot be held liable for any crime committed in such a manner.
5.2 In the case where personal information of a data subject was accessed or acquired by an unauthorized person or in the case whether reasonable grounds are present to believe that such a misconduct took place, the company will immediately inform the Information Officer. The Information Officer will subsequently inform the Regulator in terms of and in line with Section 22 of the POPI Act. The company will further adhere to the management plan, as outlined in the company’s Data Breach Policy.
5.3 If personal information is transferred outside the Republic of South African, the company will subsequently comply with Section 72 of the POPI Act and will implement contractual agreements with the relevant third parties.
6. DATA SUBJECT RIGHTS
6.1 ACCESS TO OWN PERSONAL INFORMATION
6.1.1 Data subjects have the right to request the company to provide them with the following information:
6.1.1.1 Details of any personal information that the company holds, including any record relating to the personal information.
6.1.1.2 Details of the manner in which the company has used and processed the personal information.
6.1.2 Such request should be made in writing to the Information Officer of the company. pg. 9
6.1.3 On receipt of such a request, the company may request proof of identity prior to releasing the said information.
6.2 CORRECTION OF PERSONAL INFORMATION
6.2.1 It is each data subject’s responsibility to ensure that all their personal information, that the company keeps, is accurate, complete and up to date. Therefore, the company encourages all data subjects to inform us if any of their personal information changed to enable the company to update its records accordingly.
6.2.2 Data subjects may opt to provide additional personal information to the company.
6.2.3 On receipt of such a request, the company may request proof of identity prior to updating the said information.
6.3 OBJECTION
6.3.1 Data subjects have the right to object to the processing of their personal information. On receipt of such objection, the company will place a hold on any further processing, until the cause of the objection has been resolved.
6.3.2 In the event that a data subject withhold consent to provide their personal information to the company, the company will not be able to engage with them or to enter into an agreement or relationship with them.
7. DIRECT MARKETING
7.1 Direct marketing, whether via an electronic communication, automated calling machines, SMS’s or emails will not be used, unless the data subject has given his consent. However, the company confirms that it would only contact a client / prospect once to obtain such consent.
7.2 There are exceptions to direct marketing, for example if the company contacts an existing client to sell any other related products the company is providing or if the data subject has been given a reasonable opportunity to object, free of charge, to use his electronic details. pg. 10
7.3 The company may furthermore obtain external lists for marketing purposes.
8. COOKIES
8.1 This section should be read together with the company’s Cookie Policy.
8.2 Cookies are created when a user uses his/her browser to visit a website, that uses cookies to keep track of his/her movements within the site, for example help the user to resume where he/she left off.
8.3 Cookies can store a wide range of information, including personal information (such as a user’s name and/or email address etc.).
8.4 The company’s website uses cookies to process any personal information. The cookie pop-up banner will serve as a cookie notice, to users browsing the company’s website. Users will have the option to accept or reject the cookies. Hence, the user, browsing the company’s website, will need to give their express consent to confirm the latter.
8.5 The company will ensure that the pop-up banner reappears on a regular basis to remind the user that their personal information if being processed by the company.
9. INFORMATION OFFICER
9.1 The company has appointed an Information Officer to ensure compliance with the POPI Act.
9.2 The company’s appointed information officer is Kyle Collins. The information officer’s contact details are:
Email: kyle@harmonyclinic.co.za
Telephone Number: (021) 790 7779 pg. 11
10. POLICY REVIEW
10.1 The privacy policy is subject to change. The information officer will consult with the relevant stakeholders, should amendments be made to the said policy.
10.2 Any changes will be posted to our website, social media accounts and written documentation. The onus is upon each client to familiarize him- or herself with the content of this policy on a continuous basis.
11. DISCLAIMER
11.1 The use of the company’s website and/or social media platforms is entirely at the user’s own risk and the user assumes full responsibility for own risk or loss resulting from the use of the company’s website and/or social media platforms.
11.2 The company disclaims liability for any damage, loss or expenses, whether direct, indirect or consequential in nature arising out of or in connection with the user’s access to or use of the website and/or social media platform.
11.3 In addition to the disclaimers contained elsewhere on the website or in this Privacy Policy, the company also makes no warranty or representation, whether express or implied, that the information or files available on the website and/or social media platforms are free of viruses, spyware, malware, trojans, destructive materials or any other data or code which is able to corrupt, destroy, compromise, disrupt, disable, harm, jeopardise or otherwise impede in any manner the operation, stability, security functionality or content of the user’s computer system, computer network, hardware or software in any way. The users accept all risk associated with the existence of such viruses, destructive materials or any other data or code which is able to corrupt, compromise, jeopardise, disrupt, disable, harm or otherwise impede in any manner the operation or content of a computer system, computer network, any handset or mobile device, or the user’s hardware or software, save where such risks arise due to the gross negligence or wilful misconduct of the company, its employees, agents or authorized representatives. The company disclaims all liability for any damage, loss or liability of any nature whatsoever arising out of or in connection with the user’s access to or use of the company’s website and/or social media platforms. pg. 12
11.4 Any views or statements made or expressed on the company’s website and/or social media platforms are not necessarily the views of the company, its directors, employees and/or agents.
12. GOVERNING LAW AND JURISDICTION
12.1 This Privacy Policy and our relationship and/or any dispute arising from or in connection with the Privacy Policy will be governed and interpreted in accordance with the laws of the Republic of South Africa.
12.2 The user’s continued use of the website and/or the company’s social media platforms will constitute the user’s consent and submission to the jurisdiction of the South African Courts regarding all proceedings, transactions, applications or the like instituted by either party against the other, arising from any of the Privacy Policy.
12.3 In the event of any dispute arising between the users and the company, the user hereby consents to the non-exclusive jurisdiction of the High Court of the Republic of South Africa in the Province of the Head Office of the company.
13. GENERAL
13.1 Any failure on the part of users or the company to enforce any right in terms hereof will not constitute a waiver of that right.
13.2 If any term or condition contained herein is declared invalid, the remaining terms and conditions will remain in full force and effect.
13.3 No indulgence, extension of time, relaxation or latitude which any party (the “grantor”) may show grant or allow to the other (the “grantee”) will constitute a waiver by the grantor of any of the grantor’s rights and the grantor will not thereby be prejudiced or stopped from exercising any of its rights against the grantee which may have arisen in the past, or which might arise in the future.
13.4 No other warranty or undertaking is valid, unless contained in this document between the parties.