Privacy Notice

10. Location of storage and processing of data

GDPR’s security requirements also apply to sub-processors Healthcent (Pty) Ltd utilises to deliver it service as detailed in Section 2 Article 32.

All sub-processors we have selected for integration into the Signapps platform provide sufficient guarantees about their security measures in contract.

The following list of sub-processors is used by Healthcent in respect of the Signapps platform and is updated from time to time. GDPR reference material and terms of service are also referenced.


10.1. Infrastructure

Amazon Web Services

The personal data that we collect from you is stored in the European Union on (Europe) Cloud Servers of Amazon Web Services with all primary processing taking place in Ireland.

All generally available, AWS, services and features adhere to the privacy and data protection standards required of data processors by the GDPR. AWS is compliant with rigorous international standards, such as ISO 27001 for technical measures, ISO 27017 for cloud security, ISO 27018 for cloud privacy, SOC 1, SOC 2 and SOC 3, PCI DSS Level 1, and EU-specific certifications such as BSI’s Common Cloud Computing Controls Catalogue (C5).





Mongo Atlas hosted by Mongo



10.2. Analytics and Logging

Amazon Web Services




Elastic Search







10.3. Customer Support






11. Sharing of information

We do not share your information with anyone outside Healthcent (Pty) Ltd without your explicit permission to do so.

Healthcent will not distribute any of your personal information or Client Data, to third parties, unless this is required to deliver the Services to you.

In addition, Healthcent may be obligated to disclose personal information to meet any legal or regulatory requirements of applicable laws.


12. Security Measures

Healthcent has implemented technology, policies and processes aimed at protecting the confidentiality, integrity and availability of your personal information. We will update and refine these measures on an ongoing basis.

We will take reasonable steps to protect your personal data from loss, misuse, unauthorised access, disclosure, alteration and destruction. However, no internet transmission is ever fully secure or error free and your use of the Services of the Signapps Platform is at your own risk and we will not be liable for any loss misuse, unauthorised access, disclosure, alteration and destruction in this regard, unless occasioned due to gross negligence or wilful misconduct.

Should you require more information about our policies and security measures please email our Data Protection Officer at:


13. Cookies

We may store some information (commonly known as a “cookie”) on your computer when you visit our website. This enables Healthcent to recognise you during subsequent visits. The type of information gathered is non-personal such as: the IP address of your computer, the date and time of your visit, which pages you browsed and whether the pages have been delivered successfully.

Apart from merely establishing basic connectivity and communications, Healthcent may also use this data in aggregate form to develop customised services – tailored to your individual interests and needs. Should you choose to do so, it is possible (depending on the browser you are using), to be prompted before accepting any cookies, or to prevent your browser from accepting any cookies at all. This will however cause certain features of the Healthcent website not to be accessible.


14. Device data logging

When you access the Signapps Platform using the Signapps Mobile or Desktop applications, we collect certain data automatically, including, but not limited to, the manufacturer of your mobile device, the mobile device’s IMEI number, the IP address of your device, your operating system, the type of mobile internet browser you use.


15. Retention of Personal Data

We will not retain your Personal Data for longer than is necessary.

The account details are stored for the duration of you maintaining an account for the original purpose for which it was collected. We may however be required to retain your personal data for the purposes of satisfying any legal (specifically medico-legal), or other reporting requirements.

  • Personal data of users necessary for securing personal data of patients – The user is informed at the time of collection on-screen in the app in a layered approach, and it is available in our Privacy Policy.
  • Other personal data of users – The user is informed at the time of consent, either on-screen in the app in a layered approach, or by email to the specified email address. The privacy information is also available in our Privacy Policy.


16. Data Subject Rights


16.1. Right to be informed

Individuals have the right to be informed about the collection and use of their personal data. This is a key transparency requirement under the GDPR.

The method of informing someone about the collection and use of personal data depends on the type of personal data defined in Section 7 of the GDPR Act:

The user is informed at the time of consent, either on-screen in the app in a layered approach, or by email to the specified email address.

Further information is provided about processing in this Privacy Notice.


16.2. Right of access

You are entitled to request a copy of the all personal data currently held about you as well as the following information about your data:

  1. The purpose of processing;
  2. The categories of personal data concerned;
  3. The recipients to whom the personal data has been disclosed;
  4. The retention period for that personal data;
  5. The source of the personal data if it has been collected from a third-party.
  6. Right to Rectification


16.3. Right to Rectification

We enable right of rectification for you in one of two ways:

  • As the user you are able to edit their own personal data using the Signapps Platform.
  • We can rectify the data for you on your behalf.


16.4. The Right of Erasure

You may request erasure of any personal data of uses necessary for securing personal data of patients we hold on you without undue delay where one of the following grounds apply:

  1. The personal data are no longer necessary in relation to the purposes they were collected or otherwise processed;
  2. The data subject withdraws consent and no other legal ground for processing exists;
  3. The data subject exercises the right to object and no overriding legitimate grounds for processing exist;
  4. The personal data has been unlawfully processed;
  5. The personal data has to be erased for compliance with an overriding legal obligation;
  6. The personal data has been collected in relation to the offer of information society services.


16.5. The Right of Restriction

As an alternative to the right to erasure, you may ask us to cease processing your data, but not erase it entirely. This right right applies when:

  • The personal data has been unlawfully processed and the individual opposes erasure and requests restriction instead;
  • We no longer need the personal data (for patient personal data: the retention period is about to pass) but the individual needs you to keep it in order to establish, exercise or defend a legal claim;
  • The individual has objected to us processing their data under Article 21(1), and we are considering whether our legitimate grounds override those of the individual.


16.6. The Right of Portability

The right to data portability does not apply where the lawful basis is legal obligation or consent and where the processing is not by automated means.


16.7. The Right to Object

The right to object does not apply where the lawful basis is legal obligation or consent.


17. How to exercise your rights

You may send us a request to exercise any of the above rights by emailing us at:

We will respond without delay and within one month. We also have a responsibility to verify the identity of the person making the request before we confirm that we process any personal data of the data subject concerned. Our method of identity verification is the provision of government-issued photo ID.

The request for restriction is recorded, considered and responded to in accordance with the Personal Data Requests Procedure. In cases where the restriction can be lifted, the individual is notified before it is lifted.


18. Questions and complaints

Should you lodge complaint you should contact the DPO at email address:

If you are unsatisfied with the DPO’s response to the complaint lodged then, Under Article 77 of the GDPR you have the right to lodge a complaint directly with the Information Commissioner’s Office (ICO).

Under Article 80, you may authorise certain third parties to make a complaint on your behalf.


19. Changes to this privacy notice

This privacy notice may be updated periodically and without prior notice to you to reflect changes in our information practices or relevant laws. We will post a notice on our website,, and send you an email to notify you if there are any substantive changes to the way we collect and use information. We will indicate at the top of the privacy notice when it was last updated.

Unleash the power of digital transformation in your Health and Social Care organisation