Protection of Personal Information Act (POPIA)

1. Introduction:

Overview of POPIA and Its Purpose:

The Protection of Personal Information Act (POPIA) stands as a pivotal piece of legislation in South Africa, established to safeguard the privacy and personal data of individuals. POPIA outlines the responsible and lawful processing of personal information, emphasizing transparency, fairness, and the protection of individuals' rights. The Act serves to regulate the collection, use, dissemination, and safeguarding of personal information, ensuring that organizations adhere to stringent data protection standards.

Explanation of OnlyMed (Pty) Ltd.'s Commitment to Data Protection and Privacy:

OnlyMed (Pty) Ltd., as a registered entity under South African law, places paramount importance on the privacy and security of personal information. We are deeply committed to upholding the principles and requirements set forth by POPIA. Our commitment extends to our clients, patients, employees, and all stakeholders who trust us with their personal data.

At OnlyMed, we have implemented rigorous data protection policies and procedures in accordance with POPIA. Our staff members are educated and trained to handle personal information ethically and responsibly. We utilize advanced technological safeguards to protect the confidentiality and integrity of the data we process. We are dedicated to ensuring that personal information is processed lawfully, fairly, and for legitimate purposes, in line with the Act's requirements.

By adopting a proactive approach to data protection, OnlyMed (Pty) Ltd. strives to build and maintain trust with our clients and stakeholders. We are transparent about how personal information is collected, used, and shared. Additionally, we are committed to assisting individuals in exercising their rights under POPIA, including the right to access, correct, or delete their personal information.

Through continuous compliance monitoring, staff training, and adherence to best practices, OnlyMed (Pty) Ltd. reaffirms its commitment to data protection and privacy. We are dedicated to staying abreast of evolving data protection laws and standards, ensuring that our practices align with the latest legal requirements.

 

2. Information of the Responsible Party:

2.1 Name of the Organization:

OnlyMed (Pty) Ltd.

2.2 Contact Details of the Organization:

  • Physical Address: 151 5th St, Sandown, Sandton, 2031 South Africa

  • Email Address: support@onlymed.co.za

  • Telephone Number: +2787 700 1846

2.3 Details of the Information Officer (if applicable):

In accordance with the requirements of the Protection of Personal Information Act (POPIA), OnlyMed (Pty) Ltd. designates the following individual as the Information Officer responsible for overseeing and ensuring compliance with data protection and privacy matters:

  • Name of Information Officer: Faith Aphane
  • Email Address of Information Officer: dpo@onlymed.co.za
  • Contact Number of Information Officer: 087 7001846

The Information Officer is responsible for:

  • Overseeing the organization's compliance with POPIA and related data protection laws.
  • Handling data protection inquiries and complaints.
  • Promoting a culture of data protection within the organization.
  • Monitoring and assessing data protection risks.

 

3. The Purpose of Processing Personal Information:

Introduction:

In accordance with the Protection of Personal Information Act (POPIA) of South Africa, OnlyMed (Pty) Ltd. processes personal information for specific and lawful reasons. We are committed to ensuring that all personal data is collected and processed responsibly and in compliance with applicable laws.

Specific and Lawful Reasons for Collecting and Processing Personal Information:

OnlyMed collects and processes personal information for the following specific and lawful purposes:

  1. Appointment Management: We collect personal information to facilitate the scheduling and management of appointments between patients and medical practitioners. This includes details such as names, contact information, medical history, and appointment preferences.

  2. Prescription and Medical Record Management: Personal information is processed to generate and manage electronic prescriptions, store medical records securely, and provide accurate healthcare services. This information may include prescription details, medical histories, and test results.

  3. Online Consultations: For online consultations, we collect personal information necessary for medical practitioners to assess patients' conditions remotely. This includes symptoms, medical history, and other relevant health information shared during the consultation.

  4. Billing and Payment Processing: Personal information is used to process payments for appointments, consultations, and other healthcare services. This includes payment details such as credit card numbers, billing addresses, and transaction records.

  5. Communication and Support: We collect personal information to facilitate communication between patients, medical practitioners, and OnlyMed support staff. This ensures smooth coordination of appointments, resolution of queries, and provision of support services.

Explanation of Why the Information is Necessary for the Organization:

The collection and processing of personal information are necessary for OnlyMed to deliver efficient and effective healthcare services to our users. Personal information enables us to:

  • Ensure Accuracy and Relevance: By collecting relevant personal information, we can accurately match patients with appropriate medical practitioners, ensuring that appointments and consultations are tailored to individual healthcare needs.

  • Enhance User Experience: Personal information helps us personalize the user experience, providing tailored medical advice, appointment reminders, and relevant healthcare-related information to patients.

  • Comply with Legal Obligations: OnlyMed processes personal information to comply with legal requirements, including those outlined in the Protection of Personal Information Act (POPIA) of South Africa.

  • Facilitate Secure Transactions: Personal information is essential for processing secure online payments, safeguarding financial transactions between patients and OnlyMed.

  • Enable Timely and Informed Medical Decisions: Medical practitioners require access to relevant patient information to make informed decisions during appointments and online consultations, ensuring high-quality healthcare services.

We are committed to ensuring the confidentiality, integrity, and security of all personal information collected and processed. If you have any concerns or questions regarding the collection and processing of your personal information, please refer to our Privacy Policy or contact our Data Protection Officer at dpo@onlymed.co.za for further assistance.

 

4. Categories of Data Subjects and Personal Information Processed:

Types of Personal Information Processed:

In accordance with the Protection of Personal Information Act (POPIA) of South Africa, OnlyMed (Pty) Ltd. processes the following types of personal information:

  • Identity Information: Including but not limited to names, identification numbers, passport details, and social security numbers.

  • Contact Information: Including addresses, email addresses, and telephone numbers.

  • Medical Information: Such as medical history, prescription details, diagnoses, and treatment records.

  • Financial Information: Limited to payment details and billing information for processing transactions.

  • Online Identifiers: Such as IP addresses and cookies collected through the use of our website and online services.

Categories of Data Subjects:

OnlyMed (Pty) Ltd. processes personal information for various categories of data subjects, which include but are not limited to:

  • Patients: Individuals who seek medical services, book appointments, and avail of healthcare-related services through our platform.

  • Medical Practitioners: Licensed doctors, specialists, and healthcare professionals registered on our platform to provide medical services to patients.

  • Employees: Personnel employed by OnlyMed (Pty) Ltd. for the purposes of managing and operating the platform, including customer support and technical staff.

  • Business Partners: Individuals associated with partner organizations, medical facilities, and service providers collaborating with OnlyMed (Pty) Ltd.

  • Website Visitors: Individuals who visit our website and interact with our online services, thereby providing online identifiers.

It is the policy of OnlyMed (Pty) Ltd. to collect and process this information only for the purposes explicitly stated in our Privacy Policy and in accordance with the lawful processing conditions as set out in POPIA.

 

5. Recipients of Personal Information:

5.1. Entities or Individuals Receiving Personal Information

OnlyMed (Pty) Ltd., as the Responsible Party under the Protection of Personal Information Act (POPIA), may share personal information with specific entities or individuals when required for legitimate and lawful purposes. The sharing of personal information will only occur as necessary to fulfill the purposes for which the information was collected.

5.2. Explanation of the Necessity for Sharing Information

Sharing personal information with recipients is essential for the following lawful and legitimate purposes:

5.2.1. Medical Practitioners:

  • Purpose: Sharing patient information with medical practitioners, specialists, and healthcare providers is crucial to facilitate the booking of medical appointments, consultations, and the provision of healthcare services.

5.2.2. Partnered Healthcare Facilities:

  • Purpose: OnlyMed may share personal information with healthcare facilities, hospitals, clinics, and pharmacies to enable seamless appointment scheduling, prescription management, and medication fulfillment.

5.2.3. Billing and Payment Processing:

  • Purpose: Personal information may be shared with financial institutions and payment service providers for secure billing, payment processing, and insurance claims.

5.2.4. Regulatory Compliance:

  • Purpose: In accordance with South African regulations, personal information may be shared with regulatory bodies, law enforcement agencies, or other government entities as required to comply with legal obligations or investigations.

5.2.5. Service Providers:

  • Purpose: OnlyMed may engage third-party service providers for technical support, data hosting, security, and system maintenance. These service providers may have access to personal information but are bound by strict data protection and security agreements.

5.2.6. Patient Consent:

  • Purpose: In cases where a patient's consent is obtained, personal information may be shared with entities or individuals explicitly designated by the patient for medical consultations, second opinions, or sharing health information with family members.

5.2.7. Business Partnerships:

  • Purpose: OnlyMed is actively working on partnership agreements with medical service providers and organizations to enhance patients' access to medical attention and support. Personal information may be shared as part of these agreements to benefit our users.

5.2.8. Research and Analytics:

  • Purpose: In instances where data is anonymized and aggregated, personal information may be used for research, analysis, and improving the quality of healthcare services.

Sharing personal information with these recipients is based on lawful and legitimate purposes, and every effort is made to ensure the security and confidentiality of such information.

 

6. Transborder Flow of Personal Information:

6.1 Details of Cross-Border Data Transfers:

OnlyMed (Pty) Ltd. ("OnlyMed") may engage in cross-border data transfers in compliance with the Protection of Personal Information Act (POPIA) and other applicable South African data protection laws. Cross-border data transfers may involve transmitting personal information to recipients or service providers located in countries outside of South Africa.

6.2 Measures in Place to Ensure Data Protection During International Transfers:

OnlyMed is committed to ensuring that any cross-border data transfers are conducted securely and in accordance with the principles of POPIA. To safeguard the personal information being transferred internationally, OnlyMed implements the following measures:

a. Data Transfer Agreements: OnlyMed enters into data transfer agreements with recipients in other countries. These agreements include standard contractual clauses or binding corporate rules, as required by POPIA, to ensure the protection of personal information during international transfers.

b. Data Minimization: OnlyMed only transfers the minimum amount of personal information necessary for the intended purpose. Unnecessary or excessive data is not transferred across borders.

c. Encryption and Security Protocols: Personal information transferred internationally is encrypted using secure encryption protocols during transmission. Only authorized personnel have access to the encryption keys, ensuring that the data remains confidential and secure.

d. Vendor Due Diligence: Before engaging with any international service provider or recipient, OnlyMed conducts thorough due diligence to assess their data protection practices and ensure they comply with South African data protection laws.

e. Compliance with International Standards: OnlyMed ensures that the recipients of personal information adhere to international data protection standards equivalent to or higher than those prescribed by South African laws.

f. Information and Awareness: Employees involved in cross-border data transfers receive appropriate training and awareness programs to understand their responsibilities and the importance of data protection during international transfers.

g. Regular Compliance Audits: OnlyMed conducts regular audits and assessments to ensure that all cross-border data transfers comply with POPIA and other relevant legislation. Any discrepancies or non-compliance issues are addressed promptly.

h. Data Subject Rights: OnlyMed informs data subjects about the possibility of international data transfers and obtains their consent when required by law. Data subjects are also informed of their rights and how to exercise them concerning their personal information transferred internationally.

 

7. Security Measures:

Description of Security Safeguards:

OnlyMed (Pty) Ltd. is committed to safeguarding the personal information of our users and has implemented comprehensive security measures to protect against unauthorized access, disclosure, alteration, and destruction of personal data. Our security safeguards include, but are not limited to:

  • Data Encryption: All personal information transmitted through our platform is encrypted using Secure Sockets Layer/Transport Layer Security (SSL/TLS) to ensure secure communication between users and our servers.

  • Access Control: Access to personal information is restricted to authorized personnel only. We employ strict access controls, including unique user credentials, role-based access, and two-factor authentication, to limit access to sensitive data.

  • Regular Security Audits: We conduct regular security audits and vulnerability assessments to identify and address potential security risks promptly. This includes testing our systems for weaknesses and vulnerabilities that could be exploited by malicious entities.

  • Incident Response Plan: We have a robust incident response plan in place to handle data breaches or security incidents. Our team is trained to respond promptly, investigate incidents, mitigate risks, and notify affected individuals and regulatory authorities if required by law.

Technical and Organizational Measures to Prevent Data Breaches:

  • Firewall Protection: Our network is protected by firewalls to prevent unauthorized access and potential cyber-attacks. Firewalls are regularly updated to counter emerging threats effectively.

  • Secure Development Practices: We adhere to secure coding practices during the development of our software, ensuring that vulnerabilities are minimized from the outset.

  • Regular Software Updates: We promptly apply security patches and updates to all software and applications used within our platform to address known vulnerabilities and enhance overall system security.

  • Employee Training: Our staff undergoes regular training on data protection, privacy, and security best practices. This training ensures that our employees are aware of their roles and responsibilities in protecting personal information.

  • Data Backups: Regular automated data backups are performed to prevent data loss in the event of a breach. Backups are stored securely and can be restored quickly to minimize disruptions in case of an incident.

  • Third-Party Security Assessment: We conduct thorough security assessments of third-party vendors and service providers to ensure they meet our security standards and comply with applicable data protection laws.

OnlyMed (Pty) Ltd. continually assesses and enhances our security measures to align with the evolving threat landscape and comply with South African data protection laws, including POPIA. Our commitment to data security is unwavering, and we take every necessary measure to protect the personal information entrusted to us by our users.

 

8. Data Subject Participation:

8.1. Data Subjects' Rights under POPIA:

Under the Protection of Personal Information Act (POPIA) in South Africa, data subjects have certain rights that allow them to exercise control over their personal information. These rights include, but are not limited to:

  1. Right to Access: Data subjects have the right to request access to their personal information held by the organization. This includes the right to know what information is being processed, the purpose of processing, and who has access to it.

  2. Right to Correction: Data subjects can request the correction of inaccurate or incomplete personal information. The organization is responsible for ensuring that the data is accurate, relevant, and up to date.

  3. Right to Deletion: Data subjects have the right to request the deletion of their personal information under certain circumstances. This right is subject to legal obligations and considerations.

8.2. Procedures for Data Subjects to Exercise Their Rights:

Data subjects who wish to exercise their rights under POPIA may do so by following the procedures outlined below:

a. Right to Access:

  1. Submit a Written Request: Data subjects should submit a written request to the Information Officer of the organization. The request should include the specific information they wish to access.

  2. Verification of Identity: To protect the data subject's privacy, the organization reserves the right to verify the identity of the requestor before processing the request.

  3. Processing Time: The organization will process the request as soon as possible, but no later than 30 days after receiving it, unless an extension is warranted.

b. Right to Correction:

  1. Submit a Written Request: Data subjects should submit a written request to the Information Officer, specifying the information that needs correction.

  2. Verification of Identity: The organization may request proof of identity to ensure the requestor's authenticity.

  3. Processing Time: Corrections will be made as promptly as possible, with the organization aiming to complete the correction within 30 days of receiving the request.

c. Right to Deletion:

  1. Submit a Written Request: Data subjects should submit a written request to the Information Officer, explaining the basis for their request for data deletion.

  2. Verification of Identity: The organization may need to confirm the requestor's identity.

  3. Legal Considerations: The organization will consider the request in accordance with legal obligations, and data may not be deleted if it must be retained for specific purposes.

Contact Information for Exercising Rights:

For any requests or inquiries related to the exercise of data subject rights under POPIA, data subjects can contact our Information Officer:

  • Name of Information Officer: Faith Aphane
  • Email Address of Information Officer: dpo@onlymed.co.za
  • Contact Number of Information Officer: 087 7001846

We are committed to respecting and upholding the rights of data subjects in compliance with POPIA and ensuring that their personal information is treated with care and confidentiality.

 

9. Complaints Procedure:

Process for Filing Complaints Regarding the Processing of Personal Information

At OnlyMed (Pty) Ltd., we are committed to ensuring the protection of your personal information in compliance with the Protection of Personal Information Act (POPIA) of South Africa. We recognize the importance of addressing any concerns or complaints related to the processing of personal information promptly and effectively. This section outlines the process for filing complaints and provides the necessary contact details.

Filing a Complaint:

If you believe that your personal information has been mishandled, processed unlawfully, or if you have concerns regarding your privacy rights, you may file a complaint by following these steps:

  1. Contact Us First: Before submitting a formal complaint, we encourage you to reach out to our Data Protection Officer or Customer Support Team. Many concerns can be addressed promptly and to your satisfaction through direct communication.

  2. Submit a Formal Complaint: If your concerns are not resolved to your satisfaction, you may submit a formal complaint in writing. Your complaint should include the following information:

    • Your name, contact information, and relationship with OnlyMed.
    • A detailed description of your complaint, including the specific circumstances and the nature of the alleged privacy breach.
    • Any supporting documents or evidence relevant to your complaint.
    • The date of your complaint.

Contact Details for Lodging Complaints:

To submit a formal complaint, please use the following contact information:

Postal Address:

OnlyMed (Pty) Ltd.
Attn: Data Protection Officer
151 5th St, Sandown, Sandton, 2031
South Africa

Email Address:

Email: dpo@onlymed.co.za

Phone Number:

Phone: +2787 700 1846

Acknowledgment and Resolution:

Upon receiving your formal complaint, we will acknowledge receipt within a reasonable timeframe, typically within 10 working days. We will conduct an investigation into your concerns and provide you with a written response outlining the outcome of our investigation.

Should we require additional information from you during the investigation, we will contact you accordingly. We are committed to resolving complaints and ensuring that the processing of personal information aligns with legal requirements.

Further Recourse:

If you are dissatisfied with the outcome of our internal investigation or if you believe your complaint has not been adequately addressed, you have the right to escalate the matter to the Information Regulator of South Africa. Their contact details are available from the Information Regulator of South Africa.

We are dedicated to maintaining the highest standards of personal information protection and ensuring that your privacy concerns are handled with care and diligence.

 

10. Access to the POPIA Manual:

Online Access: The comprehensive POPIA (Protection of Personal Information Act) manual for OnlyMed is easily accessible to the public on our official website at https://www.onlymed.co.za/popia-manual. Here, individuals can view, download, and reference the manual at their convenience. Our website is designed to be user-friendly, ensuring straightforward navigation and easy access to essential information, including the POPIA manual.

Physical Copy: Individuals who prefer a physical copy of the POPIA manual can request one by reaching out to us through the following methods:

Postal Address: OnlyMed (Pty) Ltd. 151 5th St, Sandown, Sandton, 2031 South Africa

Contact Email: dpo@onlymed.co.za

Contact Phone: +2787 700 1846

Please include your full name, contact details, and a specific request for the POPIA manual in your communication. Once we receive your request, we will process it promptly and dispatch a hard copy of the manual to your provided address.

Contact Information: For any questions or assistance regarding access to the POPIA manual specific to OnlyMed, please feel free to reach out to our dedicated Privacy Officer:

  • Name of Information Officer: Faith Aphane
  • Email Address of Information Officer: dpo@onlymed.co.za
  • Contact Number of Information Officer: 087 7001846

Our Privacy Officer is available to address any queries related to the POPIA manual or OnlyMed's compliance with the Protection of Personal Information Act. We are committed to ensuring transparency, accessibility, and compliance with all relevant regulations.

 

11. Review and Update:

At OnlyMed, we are committed to ensuring the protection and privacy of personal information in compliance with the Protection of Personal Information Act (POPIA). This POPIA Manual is a living document that reflects our dedication to maintaining the highest standards of data protection.

To uphold these standards, we undertake to review and update this manual regularly. Our commitment to compliance with POPIA means that we will:

  • Regularly Review: We will conduct periodic reviews of our data processing activities, policies, and procedures to ensure alignment with the requirements of POPIA.

  • Prompt Updates: Any necessary updates and revisions to our policies and processes will be made promptly to address changes in legislation, technology, or our business practices.

  • Continuous Compliance: We will continue to educate our staff on data protection principles and ensure their compliance with the latest data protection requirements.

  • Engage with Data Subjects: We will actively engage with data subjects to respect their rights, including the right to access their personal information, correct inaccuracies, and address any concerns they might have.

  • Transparency: We will maintain transparency in our data processing activities, keeping data subjects informed about how their information is being used and processed.

  • Documentation: We will keep detailed records of our data processing activities, ensuring that our documentation is up to date and accurately reflects our data processing practices.

  • Compliance Training: Our staff will undergo regular training sessions to stay informed about their responsibilities under POPIA, promoting a culture of data protection within our organization.

  • Legal Guidance: We will seek legal counsel when necessary to ensure that our data processing activities, policies, and procedures align with the latest legal requirements and standards.

By regularly reviewing and updating our policies and practices, we aim to adapt to the evolving landscape of data protection laws and ensure the continued trust of our clients, employees, and all other stakeholders. Our commitment to compliance with POPIA is unwavering, and we will take all necessary steps to protect personal information and uphold the rights of data subjects.

 

Conclusion:

At OnlyMed (Pty) Ltd., we are deeply committed to safeguarding the personal information of our users and ensuring strict compliance with the Protection of Personal Information Act (POPIA) and other relevant South African laws and regulations.

We recognize the importance of privacy and the trust you place in us when sharing your personal information. As custodians of your data, we have implemented stringent security measures and robust protocols to protect your information from unauthorized access, misuse, alteration, or disclosure. These measures align with the highest industry standards and reflect our unwavering dedication to data security.

Our commitment extends beyond mere compliance; it is rooted in our core values. We continually educate our employees and partners about the importance of data protection and privacy, fostering a culture of responsibility and accountability throughout our organization. We regularly review and update our policies, procedures, and technologies to adapt to evolving security threats and ensure the ongoing protection of your personal information.

By choosing OnlyMed, you can trust that your data is handled with the utmost care and integrity. We value your privacy and are dedicated to providing a secure environment where you can confidently manage your medical appointments, records, and interactions. Should you have any concerns or questions about how your data is processed, please do not hesitate to contact us.

Thank you for entrusting us with your personal information. Your privacy is our priority, and we remain steadfast in our commitment to maintaining the highest standards of data protection and compliance with POPIA.

Sincerely,

Mr Tebogo Magolego
CEO, OnlyMed (Pty) Ltd.

Date: 2023 October 18