1.1 As we respect the privacy of all individuals who visits our website, social media accounts and/or our premises, we would like to inform you the way we obtain, disclose and utilize your personal information in order to conform with the purpose and aims of the Protection of Personal Information Act 4 of 2013.
1.3 The company is committed to protect your privacy and to ensure that the organization, its staff and any other individual comply with legislation, is protected in case of a breach in terms of its responsibilities; and follows good practices.
1.4 The company undertakes to be open and transparent; act in terms of the prescribed legislation and good practices; ensure that its staff is properly trained in order to handle personal information in a consistent and confidential manner; and respect the rights of individuals.
2.1 “Biometrics” means a technique of personal identification that is based on physical, physiological or behavioural characterisation including blood typing, fingerprinting, DNA analysis, retinal scanning and voice recognition.
2.2 “The Company” means Harmony Addiction & Psychiatric Care and includes its affiliated, holding and subsidiary companies.
2.3 “The client” means a person or organization utilizing the service/s of the company, a client, supplier, debtor and/or creditor.
2.4 “Confidential information” includes, but is not limited to:
- 2.4.1 Name and surname of client
- 2.4.2 Identification Number
- 2.4.3 Physical address
- 2.4.4 Postal Address
- 2.4.5 Business entity’s name
- 2.4.6 Business entity’s registration number
- 2.4.7 Business entity’s CK documentation
- 2.4.8 Telephone numbers
- 2.4.9 Email address
- 2.4.10 Banking Details
- 2.4.11 VAT number
- 2.4.12 Any arrangements between the client and the entity and others with whom they have business arrangements of whatsoever nature, all of which the client and the entity regards as secret and confidential.
2.5 “Direct marketing” means to approach a data subject, either in person or by mail or electronic communication, for the direct or indirect purpose of: 2.5.1 Promoting or offering to supply, in the ordinary course of business, any goods or services to the data subject; or
2.5.2 Requesting the data subject to make a donation, of any kind, for any reason whatsoever.
2.6 “Person” means a natural person or a juristic person.
2.7 “Personal information” means personal information, as defined in the Protection of Personal Information Act, and include but is not limited to: 2.7.1 Information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person.
2.7.2 Information relating to the education or the medical, financial, criminal or employment history of the person.
2.7.3 Any identifying number, symbol, email address, physical address, telephone number, location information, online identifier or other particular assignment to the person.
2.7.4 The blood type or any other biometric information of the person.
2.7.5 The personal opinions, views or preference of the person.
2.7.6 Correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence.
2.7.7 The views or opinions of another individual about the person.
2.7.8 The name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.
2.8 “POPI Act” means the Protection of Personal information Act adopted by the Republic of South Africa and as amended from time to time.
2.8.1 The collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use.
2.8.2 Dissemination by means of transmission, distribution or making available in any other form.
2.8.3 Merging, linking, as well as blocking, degradation, erasure or destruction of information.
2.9 “Processing” means any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including:
2.10 “Record” means any recorded information:
2.10.1 regardless of form or medium, including any of the following:
22.214.171.124 Writing on any material;
126.96.36.199 Information produced, recorded or stored by means of any tape recorder, computer equipment, whether hardware or software or both, or other device, and any material subsequently derived from information so produced, recorded or stored;
188.8.131.52 Label, marking or other writing that identifies or describes anything of which it forms part, or to which it is attached by any means;
184.108.40.206 Book, map, plan, graph or drawing;
220.127.116.11 Photograph, film, negative, tape or other device in which one or more visual images are embodied so as to be capable, with or without the aid of some other equipment, of being reproduced;
2.10.2 In the possession or under the control of a responsible party;
2.10.3 Whether or not it was created by a responsible party; and
2.10.4 Regardless of when it came into existence.
2.11 “Special personal information” refers to biometric information, health, sex life, political affiliation, ethnic origin, trade union membership, race, religious and philosophical beliefs, and individuals under the age of eighteen (18). It further includes criminal behaviour such as alleged offences and/or the proceedings dealing with such offences.
3. POLICY STATEMENT AND SCOPE
3.1 Please note that the following information refers to physical visits to any of the company’s premises as well as our websites and/or any social media accounts.
3.2 Our company, its subsidiaries and affiliates, respect all privacy related matters and acknowledges that all information received from you should be safeguarded in a proper and prescribed manner.
3.3 The above statement refers to all data provided by you, as well as all data collected through our websites and/or social media accounts. The data obtained will be used to mainly contact you for the purposes of understanding your requirements, to provide medical- and therapeutic treatment, to provide you with any further relevant information, service delivering, to provide you with a more personalized experience, analyse the effectiveness of the company’s advertisements, competitions and promotions. The information as provided by you, may further be used for marketing purposes, if not specifically indicated otherwise.
3.4 The company will comply with all the relevant data privacy legislation’s and will treat all personal information in accordance.
4. COLLECTION, PROCESSING, STORING AND DISCLOSURE OF INFORMATION
4.1 COLLECTION OF PERSONAL INFORMATION
4.1.1 The company may from time to time collect personal information from users for statistical purposes to improve the services the company renders. The users consent to process and/or collect personal information is automatically given when the user completes surveys, registers, completes online questions, and/or comments on the company’s social media accounts. The company’s web servers may in addition to this, when the user visits the company’s website and social media accounts, collect standard information based on the users search history, and further take no responsibility for the privacy practices of other sites and/or organizations which are linked to our sites and facilities.
4.1.2 Personal information, such as the user’s name, surname, name of the user’s organization, email address, and contact number, which the user provides the company with, will be used to mainly contact the user for the purposes of understanding his/her requirements, to provide the user with any further relevant information, service delivering, to provide the user with a more personalized experience, analyse the effectiveness of the company’s advertisements, competitions and promotions.
4.1.3 This information will be stored as prescribed by legislation and will be kept for a period deemed fit by the company to fulfil our legal obligations such as the prevention of fraud and/or money laundering. Please note that the IP-address used will also be kept for security purposes.
4.1.4 This policy statement includes the processing and safeguarding of information in any and all countries in which the company operates or has facilities in, in accordance with the relevant laws and regulations.
4.1.5 The company will not process special personal information unless it has obtained specific authorization to this effect.
4.2 PROCESSING OF INFORMATION
4.2.1 The company will take all reasonable steps to comply with all the conditions for lawful processing.
4.2.2 The company will collect personal information to contact the user for the purposes of understanding the user’s requirements, to provide the user with any further relevant information, to provide medical- and therapeutic treatment, service delivering and to provide a more personalized experience. The information as provided by the user, may further be used for marketing purposes, if not specifically indicated otherwise.
4.2.3 The company will endeavour to process personal information in a fair, lawful and transparent manner and only with the consent of the data subject.
4.2.4 The company will ensure that all collected information is complete, accurate, not misleading and updated on a regular basis. 18.104.22.168 Data will be stored in as few as possible facilities.
4.3 STORAGE OF DATA
4.3.1 The company will ensure that measures are in place, by reviewing on a regular basis, its procedures to maintain an accurate data base and record of personal information. It will in particular: pg. 8
22.214.171.124 Systems will be updated, as information about individuals change.
126.96.36.199 Staff responsible for dealing with personal data will receive the necessary training and guidance.
188.8.131.52 Electronic records will be stored in a secure manner.
184.108.40.206 Hard copies will be kept safe in a secure location, which will only be accessible by authorized personnel. Storage will be secured and audited regularly to ensure the safety and the security of the information.
4.4 DISCLOSURE OF INFORMATION 4.4.1 The company may disclose a user’s personal information to our service providers (operator’s) who are involved in the delivery of products and/or services to an user. The company has agreements in place to ensure that operators comply with the privacy requirements, as required by the Protection of Personal Information Act.
4.4.2 The company may further disclose your information where we have a duty or a right to disclose same, in terms of law or industry codes; and/or where we believe it is necessary to protect our rights.
5. SECURITY MEASURES 5.4 If a user has reason to believe that his/her interaction with the company is no longer secure, please immediately notify the Information Officer of the company of the said problem.
5.1 The company complies with the security measures for the storing of data and personal information as prescribed by legislation. However, when data or personal information is transmitted over the internet the secure safeguarding of such information can unfortunately not be guaranteed and the company therefore cannot be held liable for any crime committed in such a manner.
5.2 In the case where personal information of a data subject was accessed or acquired by an unauthorized person or in the case whether reasonable grounds are present to believe that such a misconduct took place, the company will immediately inform the Information Officer. The Information Officer will subsequently inform the Regulator in terms of and in line with Section 22 of the POPI Act. The company will further adhere to the management plan, as outlined in the company’s Data Breach Policy.
5.3 If personal information is transferred outside the Republic of South African, the company will subsequently comply with Section 72 of the POPI Act and will implement contractual agreements with the relevant third parties.
6. DATA SUBJECT RIGHTS
6.1 ACCESS TO OWN PERSONAL INFORMATION
6.1.1 Data subjects have the right to request the company to provide them with the following information:
220.127.116.11 Details of any personal information that the company holds, including any record relating to the personal information.
18.104.22.168 Details of the manner in which the company has used and processed the personal information.
6.1.2 Such request should be made in writing to the Information Officer of the company.
6.1.3 On receipt of such a request, the company may request proof of identity prior to releasing the said information.
6.2 CORRECTION OF PERSONAL INFORMATION
6.2.1 It is each data subject’s responsibility to ensure that all their personal information, that the company keeps, is accurate, complete and up to date. Therefore, the company encourages all data subjects to inform us if any of their personal information changed to enable the company to update its records accordingly.
6.2.2 Data subjects may opt to provide additional personal information to the company.
6.2.3 On receipt of such a request, the company may request proof of identity prior to updating the said information.
6.3.1 Data subjects have the right to object to the processing of their personal information. On receipt of such objection, the company will place a hold on any further processing, until the cause of the objection has been resolved.
6.3.2 In the event that a data subject withhold consent to provide their personal information to the company, the company will not be able to engage with them or to enter into an agreement or relationship with them.
7. DIRECT MARKETING
7.1 Direct marketing, whether via an electronic communication, automated calling machines, SMS’s or emails will not be used, unless the data subject has given his consent. However, the company confirms that it would only contact a client / prospect once to obtain such consent.
7.2 There are exceptions to direct marketing, for example if the company contacts an existing client to sell any other related products the company is providing or if the data subject has been given a reasonable opportunity to object, free of charge, to use his electronic details. pg. 10
7.3 The company may furthermore obtain external lists for marketing purposes.
8.3 Cookies can store a wide range of information, including personal information (such as a user’s name and/or email address etc.).
8.5 The company will ensure that the pop-up banner reappears on a regular basis to remind the user that their personal information if being processed by the company.
9. INFORMATION OFFICER
9.1 The company has appointed an Information Officer to ensure compliance with the POPI Act.
9.2 The company’s appointed information officer is Kyle Collins. The information officer’s contact details are: