Privacy policy for dr lauren anderson
Introduction
This privacy policy explains how the practice of Dr Lauren Anderson processes your personal information in accordance with the requirements of the Protection of Personal Information Act, 4 of 2013 (“POPIA”). This practice is committed to protecting your privacy and ensure that your personal information is processed properly, lawfully, and transparently.
The Privacy Policy explains the steps taken to protect personal information collected through interactions at the Practice and through the website www.drlaurenanderson.com. The Privacy Policy describes the type of personal information we collect, the purposes for which it is used, your rights regarding personal information about you, security measures and how you can review, object, and correct your personal information held by us.
We encourage all persons to read the Privacy Policy. By using our services or submitting personal information, you acknowledge that you understand and agree to be bound by this Privacy Policy, and agree that Dr Lauren Anderson may collect, process, transfer, use and disclose personal information as described in this Privacy Policy.
IF YOU DO NOT AGREE WITH ANY PART OF THIS PRIVACY POLICY PLEASE DO NOT USE ANY OF OUR SERVICES.
What is Personal Information?
As per the Protection of Personal Information Act, 4 of 2013, “Personal Information” means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to-
(a) Information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
(b) Information relating to the education or the medical, financial, criminal or employment history of the person;
(c) Any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
(d) The biometric information of the person;
(e) The personal opinions, views or preferences of the person;
(f) Correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
(g) The views or opinions of another individual about the person; and
(h) The name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person;
Information Officer
As required by POPIA, we have appointed an Information Officer who is responsible for maintaining compliance with the Act. The Information Officer’s duties are as follows:
Encourage compliance with the conditions for the lawful processing of personal information.
Deal with requests made to Dr Anderson in terms of the Act.
Work with the Information Regulator in relation to investigations conducted in terms of Chapter 6 of the Act.
Ensuring compliance with the provisions of the Act
Ensure a compliance framework is developed, implemented, monitored, and maintained.
Ensure a personal information impact assessment is done to ensure that adequate measures and standards exist to comply with the conditions of lawful processing of personal information.
Develop, monitor, maintain and make available a manual in terms of PAIA.
Develop internal measures together with adequate systems to process requests for the information or access thereto.
When requested, the information officer must provide copies of the PAIA manual upon payment of a fee to be determined by the Regulator.
Any deviations from this Privacy Policy, a breach or incident that comes to any person’s attention must be reported to the Information Officer.
What Personal Information Do We Collect?
Personal information that we collect may include but not be limited to:
Parents
Name and Surname, Cell numbers, Email addresses, Physical Address, Medical Aid Details, COVID-19 Information, Medical History
Patients – Children
Name and Surname, Date of Birth, Gender, Medical History
Service Providers/Suppliers
Bank Details, Contact Information, VAT Number, Address
Visitors to Our Website
Name, Email Address, Contact Details
You are not required to provide all this information. However, if you choose not to, we may not be able to provide you with effective service. If you provide us with personal information of third parties, please make sure that you are authorised to do so.
Special personal information is processed in accordance with the legal requirements relating to such information. If you submit any personal information relating to your:
racial or ethnic origin;
political beliefs;
philosophical or religious beliefs;
membership of a trade union or political party;
physical or mental health or genetic makeup;
addictions, sexual life or;
the commission of criminal offenses or proceedings and the associated penalties or fines
It will be handled in accordance with the legal requirements. The information will only be collected and processed:
with your consent;
if the processing is necessary for the establishment, exercise or defence of a right or obligation in law;
the processing is necessary to comply with an obligation of international public law;
If any of the authorisations set out in s28 – s33 of POPIA exist.
We will always ensure that the processing of special personal information is done in a way that does not adversely affect your privacy to a disproportionate extent.
We will not use or disclose special personal information for purposes other than those for which it was collected unless we subsequently receive your consent to use it for another purpose.
Sources of Personal Information Collected
We collect information directly from you unless it is unreasonable or impracticable to do so. Where possible, we will inform you what information you are required to provide to us and what information is optional.
Generally, the collection will occur when:
You contact us in person, by telephone or email.
Submit a request on our website
During consultations
We receive your personal information from a third party. We may collect personal information about you when you:
Make enquiries about our services and through consultation.
Submit a request via our website
Engage with us to provide professional services.
We will notify authorities immediately where the law requires regarding certain notifiable diseases.
In some circumstances, it may be necessary for us to collect personal information about you from a third party. Where this occurs, we will rely on the authority (through consent or law) of the person providing us with the personal information. By providing your personal information to us, you will be deemed to have consented to your personal information being collected by us and used and disclosed in accordance with this Privacy Policy.
You must let us know immediately if you become aware that your personal information has been provided to us without your consent or if you did not obtain the consent of another person or persons to provide us with their personal information.
Why Do We Collect Your Personal Information?
Subject to the terms of this Privacy Policy, we will use your personal information only for the purposes for which it was collected and agreed upon with you.
We will only process your personal information for lawful purposes as set out below:
To conclude or perform in terms of a contract.
To comply with an obligation imposed by law on us as the responsible party.
To protect your legitimate interests
To pursue our legitimate interests or the legitimate interest of a third party to whom the information is supplied.
Where none of the abovementioned processing purposes are available, if you have consented to the processing for the relevant purpose
Unless otherwise stated specifically, the information may be used for the following purposes:
to administer a service to you
to make an online appointment
to assess any medical treatment you may require
for statistical and research purposes
to provide you with advice and new practice information, should it become available
to gather contact information
to respond to your enquiries and/or requests
Internal accounting and administration
Regulatory reporting and compliance
To comply with our legal obligations
The practice strives to maintain the quality, accuracy, and completeness of your personal information which we process. The quality of personal information degrades over time, and you can assist us by contacting us if there are any changes to your personal information or if you become aware that we have inaccurate personal information of you. We will not be held responsible for any losses arising from poor quality personal information which is inaccurate or incomplete, that is provided to us by yourself or person acting on your behalf.
Disclosure of Personal Information
In certain instances, we provide your personal information to third parties. We do not sell, rent, or trade any personal information to any third parties. The practice does not sell, re-sell or distribute your personal information for re-sale.
We will only disclose your personal information to third parties as per the information set out in this Privacy Policy.
We will not disclose any personal information without your consent unless we reasonably believe that the disclosure is required in terms of an obligation imposed by law, if it is necessary for the proper performance of a public law duty by a public body, to protect your legitimate interest or the legitimate interest of us or a third party or if you have specifically requested us to do so.
We sometimes disclose your personal information to third parties for them to process such information on our behalf in terms of a contract or mandate. We have notified all such parties to which we disclose your personal information either through signed operator agreements or notification that we comply with the requirements of POPIA and expect them to treat your personal information with the level of security they would treat their own and in accordance with the requirements of POPIA (especially the requirements of Condition 7 – Security Safeguards).
Processing the Information of Children
Due to the nature of this business, we are required to process the personal information of children (natural person under the age of 18).
We will only process the personal information of a child if the processing is –
Carried out with the prior consent of a competent person (usually parent or guardian)
Necessary for the establishment, exercise, or defense of a right or obligation in law
Necessary to comply with an obligation of international public law.
Of personal information which has been deliberately made public by the child with the consent of the competent person
If you are a competent person and are aware that your child or children have provided us with personal information, please contact us. If we become aware that we have collected or processed the personal information of children without verification or the consent of a competent person, we will take steps to delete or destroy the information.
Trans-border Flow of Personal Information
In certain instances, we may disclose your personal information to third parties that are based in foreign countries. The transfer of this information will only be completed if:
the third party who is the recipient of the information is subject to a law, binding corporate rules or binding agreement which provide an adequate level of protection.
You consent to such transfer.
The transfer is necessary for the performance of a contract between you and us, or for the implementation of pre-contractual measures taken in response to a request from you
The transfer is necessary for the conclusion or performance of a contract concluded between ourselves and the third party that is in your interest; or
The transfer is for your benefit and
o it is not reasonably practicable to obtain the consent of the data subject to that transfer; and
o if it were reasonably practicable to obtain such consent, the data subject would be likely to give it.
Although we will take every precaution, it is possible that your personal information will be transferred to a third party in a foreign country that is in a jurisdiction where you will not be able to seek redress under POPIA and does not have an equivalent level of data protection as in South Africa. We will not be held liable for how such third parties process your personal information.
Security
The practice is committed to protecting the security of personal information. While no security measures can guarantee against compromise, we use a variety of security technologies and procedures to help protect data from unauthorised access, use, or disclosure. Although these measures are in place, the transmission of data over the internet is never completely secure and as such we cannot guarantee the security of data transmitted to or by the practice.
Your personal information is stored in:
Computer systems
In hard copy or paper files
We have implemented and maintain appropriate technical and organisational measures to ensure a level of security appropriate to protect personal information and prevent:
loss of, damage to or unauthorised destruction of personal information; and
unlawful access to or processing of personal information.
The practice is housed in an office complex with perimeter security and 24-hour boom access via security guards.
Retention of Data
The practice will retain personal information only for as long as is necessary for the purposes set out in this Privacy Policy unless there is a valid technical, legal or business reason for it to be deleted, destroyed or de- identified.
We may keep some of your personal information:
For as long as it is required by law
If it is required by a code of conduct
If it is reasonably needed for lawful purposes related to our functions and activities; or
If it is reasonably required for evidentiary purposes
Your Rights
The Right to be Notified
You have the right to be notified when your personal information has been accessed or acquired by an unauthorised person.
When this occurs, we will notify the Information Regulator and you of the breach as soon as reasonably possible after discovering the breach.
This will be communicated to you in one of the following ways:
By mail (to last known address)
By email (to last known email address)
Placed in a prominent position on our website.
Published in the news or media.
As may be directed by the Information Regulator.
The Right to Establish Whether We Hold Your Personal Information and to Request Access to Such Information
You have the right to be informed of whether we process personal information of you, receive a copy of such information and how we process your personal information.
You can also request the above relating to any third parties.
To do this, please use the contact details set out at the bottom of this Privacy Policy and specify what information you require.
We will try and provide you with suitable means of accessing the requested information, where you are entitled to it.
Note that you will be requested to provide identification before we can consider such requests
Requests for the personal information we hold will be done free of charge however a fee may apply for such information processed by third parties.
There may be instances where we cannot grant access to your personal information. If we refuse access, we will give written reasons for the refusal.
The Right to Request Correction, Destruction or Deletion of Personal Information
You may request us to correct or delete any information that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, or obtained illegally.
If you believe that any personal information that we hold about you is excessive or has been unlawfully obtained or that we are no longer authorised to retain it, you may ask us to destroy or delete it.
If we do not agree that there are grounds for action, you may ask us to add a note to the personal information stating that you disagree with it.
We will require a copy of your identification document to confirm your identity before we will release this information.
Once this is completed, we will notify you of such.
The Right to Object to Processing in Certain Circumstances
You may object at any time to the processing of your personal information in the prescribed form on reasonable grounds to your situation unless legislation prohibits such objection.
You can object to the processing of your personal information for the purposes of direct marketing at any time.
The Right to Submit a Complaint to the Information Regulator
Any person may submit a complaint to the Information Regulator alleging interference with the protection of the personal information of a data subject.
Interference with the protection of personal information means:
o Any breach of the 8 conditions for the lawful processing of personal information
o Non-compliance with section 22 (notification of security compromise), 55 (duty of confidentiality), 69 (direct marketing), 70 (directories), 71 (automated decision making) or 72 (transborder flow of information)
o A breach of the provisions of a code of conduct (currently only one for the Credit Bureau)
The Right to Institute Civil Proceedings
You (or the Information Regulator at the request of yourself) may institute civil proceedings for damages against you for a breach which you deem to be interference with the protection of your personal information.
The Right to Restrict the Processing of Personal Information
We will restrict the processing of Personal Information in the following circumstances:
You have contested the accuracy of personal information, for a period which enables us to verify the accuracy of the information,
The processing is unlawful, and you oppose the destruction or deletion and request us to restrict it instead
You have requested us to transmit the personal data into another automated processing system.
All requests must be made in the prescribed manner and form. The various forms are available from the Information Regulator.
Complaints to the Information Regulator
If you would like to make a compliant to the Information Regulator about the processing of your personal information, complete Form 5 available on the website of the Information Regulator. The Information
Regulator’s details are as follows:
The Information Regulator
PO Box 31533
Braamfontein 2017
Complaints: Complaints.IR@justice.gov.za
General Information: inforeg@justice.gov.za
Changes to this Privacy Policy
The practice may occasionally update this Privacy Policy. When we do, we will revise the “last updated” date as set out below.
This Privacy Policy was last updated on 02 January 2022.
Acknowledgement of the Terms of the Policy
Kindly note, that when you click on the link to this policy or request a copy of the policy, we accept that:
You have read the contents of the policy
You have acknowledged that you understand the contents of the policy
You do not have any issues with the contents of this policy
You have no objections to your personal information being processed as set out in this policy
Contact Us
If you have questions regarding this Privacy Policy or our handling of personal information, please contact us as follows:
Information Officer: Dr Lauren Anderson
Email: drlaurenandersongp@gmail.com