Last updated 05/09/2023


INTRODUCTION

We, RevitaHealth, respect the privacy of our users. We use cookies on www.revitahealth.co.za. By using the Site, you consent to the use of cookies.


This Privacy & Cookies Policy explains how we collect, use, disclose, and safeguard your information when you visit our website including any other media form, media channel, mobile website, or mobile application related to or connected thereto (collectively, the “Site”). Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the site.


We reserve the right to make changes to this Privacy & Cookies Policy at any time and for any reason.

DATA PROTECTION POLICY

PROTECTION OF PERSONAL INFORMATION ACT 4 Of 2013 DATA PROTECTION POLICY IN RESPECT OF REVITAHEALTH & WWW.REVITAHEALTH.CO.ZA WEBSITE

WHAT IS REVITAHEALTH?

  • RevitaHealth is a health ecommerce website.

  • RevitaHealth is in Western Cape, South Africa.

  • Chanel van Sittert has been duly appointed to be the Information Officer of RevitaHealth and is the person with whom to liaise in relation to the Protection of Personal Information Act 4 of 2013 (“the Act”).

PURPOSE OF THIS DOCUMENT

This document sets out:

  • What personal information RevitaHealth & www.revitahealth.co.za processes,

  • Why it collects this information and what it is used for,

  • How it stores that information and for how long; and

  • How you can contact RevitaHealth to ask them about your personal information.

  • You can find this document on the RevitaHealth website located www.revitahealth.co.za

  • or you can request a copy of it from the Information Officer, using the details below.

THE PURPOSE OF THE ACT

The purpose of the Act is to ensure the protection of personal information which is processed by public and private institutions. It does this by:

  • introducing certain minimum requirements when it comes to the processing of personal information,

  • allowing for the creation of a regulator to enforce the various provisions of the Act;

  • allowing for codes of conduct to be issued that apply to all private and public bodies that process personal information;

  • protecting your rights as a data subject when it comes to receiving unsolicited electronic communications and where decisions relating to your personal information are made by an automated system; and

  • to regulate when and how your personal information may be sent outside the borders of South Africa.

SOME IMPORTANT DEFINITIONS

In order to make sense of your rights in terms of this document, it is important that certain definitions contained in section 1 of the Act are explained:


Data subject: This is the person to whom the personal information relates. Personal Information: This is extensively defined as follows:

  • Information relating to your race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth;

  • Information relating to your education or to your medical, financial, criminal or employment history;

  • Any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other assignment particular to you;

  • Your biometric information;

  • your personal opinions, views or preferences of the person;

  • correspondence sent by you that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;

  • the views or opinions of another individual about you; and

  • your name if it appears with other personal information relating to you or if the disclosure of your name itself would reveal information about you.

  • and divided into two categories of “personal information” which may generally be processed, as long as the minimum requirements of the Act are met, and “special personal information” which may not generally be processed unless specific exceptions apply as defined in the Act.

Processing: this includes any of the following actions in relation to personal information:

  • the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;

  • dissemination by means of transmission, distribution or making available in any other form; or

  • merging, linking, as well as restriction, degradation, erasure or destruction of information

Record: this refers to personal information in the possession or under the control of a responsible party (regardless of who created it or when it was created) which is in any of the following forms:

  • writing on any material;

  • information produced, recorded or stored by means of any tape-recorder, computer equipment, whether hardware or software or both, or other device, and any material subsequently derived from information so produced, recorded or stored;

  • label, marking or other writing that identifies or describes anything of which it forms part, or to which it is attached by any means;

  • book, map, plan, graph or drawing;

  • photograph, film, negative, tape or other device in which one or more visual images are embodied so as to be capable, with or without the aid of some other equipment, of being reproduced;

Responsible party: means a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing personal information. In this case, RevitaHealth is the Responsible Party.

Operator: this is a person who processes personal information on behalf of a Responsible Party in terms of a contract or mandate.

Filing system: any structured set of personal information, whether centralised, decentralised or dispersed on a functional or geographical basis, which is accessible according to specific criteria.

CONTACT DETAILS OF INFORMATION OFFICER

Attention:

Chanel van Sittert

Physical address:

Paarl MediCentre, 3 New Eskdale Street, de Zoete Inval, Paarl, 7646

Telephone:

021 180 4650

E-mail:

info@revitahealth.co.za

WHAT PERSONAL INFORMATION IS HELD BY REVITAHEALTH?

Personal information belonging to juristic persons:

  • natural person, company or close corporation identity/registration number, business logo, personal/business e-mail addresses, the physical and postal address, telephone number and location information.

  • Personal information belonging to natural persons:

    • Where clients are natural persons: full name, e-mail addresses, the physical and postal address, telephone number and location information.

    • Information belonging to natural persons who are representatives of juristic persons: full name, business e-mail address, place of employment, address of employer and business telephone number.

WHY IS THE PERSONAL INFORMATION ABOVE COLLECTED BY REVITAHEALTH AND WHAT IS IT USED FOR?

PERSONAL INFORMATION BELONGING TO CLIENTS OF REVITAHEALTH:

  • RevitaHealth requires the information collected from its clients, that are both natural and juristic persons, to provide them with products, service and educational online courses. RevitaHealth processes the information necessary to provide these services and products. RevitaHealth may make this information available to operators to ensure that the services are provided to the very best of RevitaHealth abilities and to the highest standards. All operators have signed documentation confirming that personal information received from RevitaHealth is to be used solely to the purpose for which it is given to them. Such operators are prohibited from further processing the personal information given to them and have confirmed that they have systems in place that make sure that they are compliant with the requirements of the Act.

THE PERSONAL INFORMATION SOUGHT BY REVITAHEALTH IS MANDATORY IN NATURE. SHOULD SUBSCRIBERS NOT PROVIDE THE PERSONAL INFORMATION SOUGHT, REVITAHEALTH WILL NOT BE ABLE TO PROVIDE ITS SERVICES.

PERSONAL INFORMATION BELONGING TO EMPLOYEES OF REVITAHEALTH

  • RevitaHealth is committed to good governance and compliance. No personal information in respect of any employees will be used for any other reason besides what it is provided for. Any staff database kept by RevitaHealth will be for the purpose of managing the employment relationship between RevitaHealth and its employees only. No personal information pertaining to any employee will be provided to any third person unless in accordance with the Act, any relevant Labour Law legislation or with the express consent of the employee.

PERSONAL INFORMATION BELONGING TO THIRD PARTY SERVICE PROVIDERS OF REVITAHEALTH

  • RevitaHealth requires the information collected from third party service providers that are both natural and juristic persons in order to do business with them. RevitaHealth takes its compliance obligations very seriously and requires the information processed in order to conclude agreements regarding the relationship between RevitaHealth and its service providers, many of whom may be operators as defined in the Act.

  • RevitaHealth processes the information necessary in order to provide these services and to conclude these agreements. RevitaHealth may make this information available to other operators to ensure that the services are provided to the very best of RevitaHealth’s abilities and to the highest standards for its clients. All operators and third-party service providers have signed documentation confirming that personal information received from RevitaHealth and its operators is to be used solely to the purpose for which it is given to them. Such operators and third parties are prohibited from further processing the personal information given to them and have confirmed that they have systems in place that make sure that they are compliant with the requirements of the Act.

THE PERSONAL INFORMATION SOUGHT BY REVITAHEALTH IS MANDATORY IN NATURE. SHOULD THIRD PARTIES AND OPERATORS NOT PROVIDE THE PERSONAL INFORMATION SOUGHT REVITAHEALTH WILL NOT BE ABLE TO CONCLUDE AGREEMENTS WITH THEM AND THEREFORE NOT DO BUSINESS WITH THEM.

WHERE IS THE PERSONAL INFORMATION COLLECTED BY DR AL REVITAHEALTH STORED AND WHAT SECURITY MEASURES ARE IN PLACE?

  • Personal information is stored both electronically and in hard copy in RevitaHealth’s filing system(s).

  • Electronic information is encrypted and stored on a cloud-based system. Personal information is also saved on the RevitaHealth PC and laptops.

  • RevitaHealth has a physical security policy as well as a policy pertaining to the use of electronic data by employees which policies are internal and kept by the Information Officer. These policies are not available to the public safe where RevitaHealth is forced to make same available in terms of law so as to protect the information held by RevitaHealth.

WHEN REVITAHEALTH MAKE PERSONAL INFORMATION AVAILABLE TO THIRD PARTIES (OTHER THAN OPERATORS)

RevitaHealth will not reveal any personal information to anyone outside of RevitaHealth unless:

  • It is compelled to comply with legal and regulatory requirements or when it is otherwise allowed by law.

  • It is in the public interest.

  • RevitaHealth needs to do so to protect their rights.

  • RevitaHealth is running a partnership programs – clients are asked to agree to their information being shared with partners or clients who are running the programs.

RevitaHealth endeavours to take all reasonable steps to keep secure any information which they hold about an individual, and to keep this information accurate and up to date. If at any time, an individual discovers that information gathered about them is incorrect, they may contact RevitaHealth to have the information corrected. Where information has been disclosed to employees of RevitaHealth, RevitaHealth has agreements in place to ensure that compliance with confidentiality and privacy conditions.

RevitaHealth recognises the importance of protecting the privacy of information collected about individuals, in particular, information that can identify an individual (“personal information”).

TRANSBORDER INFORMATION FLOWS

  • RevitaHealth will not transmit personal information internationally, unless consent has been obtained, or it is necessary to perform our contractual obligations, and it benefits our subscribers or third-party service providers. If personal information is transmitted internationally, we ensure that it is subject to data protection laws that are substantially similar to POPIA (e.g., European Union GDPR and other country specific information privacy protection laws).

FOR HOW LONG IS PERSONAL INFORMATION KEPT BY REVITAHEALTH?

CONSUMER PROTECTION ACT NO. 68 OF 2008, as amended:

The Consumer Protection Act seeks to protect the interests of Consumers and as such requires RevitaHealth as a service provider to retain and maintain the following records of consumers for a period of at least 3 years:

  • Full names, physical address, postal address and contact details;

  • ID number and registration number;

  • Contact details of public officer in case of a juristic person;

  • Service rendered;

  • Intermediary fee;

  • Cost to be recovered from the consumer;

  • Frequency of accounting to the consumer;

  • Amounts, sums, values, charges, fees, remuneration specified in monetary terms;

  • Disclosure in writing of a conflict of interest by the intermediary in relevance to goods or service to be provided;

  • Record of advice furnished to the consumer reflecting the basis on which the advice was given;

  • Written instruction sent by the intermediary to the consumer;

  • Conducting a promotional competition refer to Section 36(11) (b) and Regulation 11 of Promotional Competitions;

  • Documents in respect of Section 45 and Regulation 31 for Auctions.

ACCESS TO AND CORRECTION OF INFORMATION

  • Clients, employees and third parties have the right to access the personal information RevitaHealth holds about them. Clients and other people whose data RevitaHealth holds also have the right to RevitaHealth to update, correct or delete their personal information on reasonable grounds. Once a client or such other person objects to the processing of their personal information, RevitaHealth may no longer process said personal information unless RevitaHealth is obliged to in terms of its contractual obligations. RevitaHealth will take all reasonable steps to confirm its client’s identity before providing details of their personal information or making changes to their personal information;

  • All employees have a duty of confidentiality in relation to the Company and clients. Information on subscribers: Our subscribers’ right to confidentiality is protected in the Constitution and in terms of ECTA. Information may be given to a 3rd party if the subscriber has consented in writing to that person receiving the information or if it is required by law.

  • If RevitaHealth duly and diligently searches for a record and it is believed that the record either does not exist or cannot be found, the client or requester will be notified accordingly. This notification will include the steps that were taken the attempt to locate the record.

DELETION AND DESTRUCTION OF INFORMATION

  • Clients, employees and third parties have the right to access the personal information RevitaHealth holds about them. Clients and other people whose data RevitaHealth holds also have the right to ask RevitaHealth to update, correct or delete their personal information on reasonable grounds. Once a client or such other person objects to the processing of their personal information, RevitaHealth may no longer process said personal information unless RevitaHealth is obliged to in terms of its contractual obligations. RevitaHealth will take all reasonable steps to confirm its clients’ identity before providing details of their personal information or making changes to their personal information.

AMENDMENTS TO THIS POLICY

  • Amendments to, or a review of this Policy, will take place on an ad hoc basis. Clients are advised to access www.revitahealth.co.za periodically to keep abreast of any changes. Where material changes take place, these will be posted on our website. Unless otherwise stated, the current version of this Policy posted on our website shall supersede and replace all previous versions of this Policy.