1. Last Revision
The last revision on this document was done on the 13th of August 2020.
2. Glossary of terms
Please refer to the glossary of terms.
This Privacy Notice describes our privacy practices to assist you to understand what personal data we collect, use, share and transfer and to inform you about the control and choices you can make in respect of your personal data.
The General Data Protection Regulation (EU) 2016/679 (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA areas. The GDPR aims primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. Superseding the Data Protection Directive 95/46/EC, the regulation contains provisions and requirements related to the processing of personal data of individuals (formally called data subjects in the GDPR) who are located in the EEA, and applies to any enterprise—regardless of its location and the data subjects’ citizenship or residence—that is processing the personal information of data subjects inside the EEA.
The Protection of Personal Information Act, No. 4 of 2013, as amended from time to time (or POPI Act) is South Africa’s equivalent of GDPR and is substantively similar to GDPR. It sets out conditions for responsible parties to lawfully process the personal information of data subjects (both natural and juristic persons).
This Privacy Notice is based on the General Data Protection Regulation (EU) 2016/679 (GDPR) and applies to customers and users in both EU and South African jurisdictions. For the purposes of this Privacy Notice, Healthcent (Pty) Ltd’s customers and users based in South Africa should interpret the following terms as interchangeable:
| Data Protection Officer (DPO) | Information Officer |
| Information Commissioner’s Office (ICO) | Information Regulator |
Healthcent (Pty) Ltd (“Healthcent”, “we”, “us” and “our”) are committed to ensuring the privacy and security of personal information entered while using the Services of the Signapps Platform. This Privacy Notice communicates how we collect, use, disclose and securely store the Personal Data provided to us through the Mobile and Desktop Applications and our Web Portal. It also explains how you can manage your information preferences.
5. Who we are
For the purposes of this privacy notice, Healthcent (Pty) Ltd (“us”, “we”, or “our”) is the data controller and operates the Services of the Signapps Platform (the “Signapps Platform”), which include our Mobile and Desktop Applications, access to our Web Portal and to our website getsignapps.com.
Our registered office address is: 22 Somerset Road, Greenpoint, Cape Town, South Africa, 8051
Our company number is: 2016/115627/07
6. Legal basis for processing
6.1. Our Users
For the personal data of Signapps Users, Healthcent (Pty) Ltd is the data controller.
We process your data on the basis of:
- Legal Obligation; and
6.2. Our Customers
Where a contract has been signed with a Customer, we process your data on the legal basis of contract.
6.3. Support Requests and Enquiries via our Website and Marketing
We process your data (your name, email address and mobile number that you enter) and any additional personal data you send us on the legal basis of legitimate interest.
For all individuals and users we rely on separate, explicit consent for direct marketing. You may withdraw your consent for direct marketing, fully or for specific purposes at any time by emailing firstname.lastname@example.org; or unsubscribing from any digital marketing material we send you.
6.4. Patient Data
We process a special category of personal data for patients, and Article 9, paragraph 2(h) applies:
“processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3;”
It should be noted that, for the purposes of patient data, Healthcent (Pty) Ltd is the processor of data and not the controller of data.
Should you have any queries relating to patient data, these need to be directed to the Customer with whom Healthcent (Pty) Ltd has contracted and whose Signapps Carespace you are a member of, as they are the controller of patient data.
7. Why do we need your personal data
Healthcent (Pty) Ltd has an obligation in terms of GDPR to take steps to secure access to Signapps Carespaces to only those invited by members of the Signapps Carespace controlled by the data controller in order to enable those members to secure the personal data of the patient, and we do this by processing your name, mobile phone number and/or email address.
Your personal data is required to confirm your identity as a user, for the maintenance of accurate clinical communication records, and to identify you to other users who collaborate with you.
We also offer you the option to display additional personal data in an internal Signapps Directory for other users in the Signapps Carespace to view. Processing of this type of data is a necessity in order to display it on behalf of the user.
8. Data Protection Officer
Mr Michael Gluckman is our Data Protection Officer (DPO).
You can contact our DPO at email@example.com
Written communication can be sent to our DPO at: 22 Somerset Road, Greenpoint, Cape Town, South Africa 8051.
9. Collection and processing of personal data
9.1. Personal Data of users necessary for securing personal data about patients
This section refers to the name, mobile phone number and/or email address of users (Healthcare Professionals).
We have determined that processing this personal data is necessary. Healthcent (Pty) Ltd has an obligation in terms of GDPR to take steps to secure access to Signapps Carespaces to only those invited by members of the Signapps Carespace, controlled by the data controller, in order to enable those members to secure the personal data of the patient, and we do this by processing the name, mobile phone number and/or email address of the healthcare professional.
In the context of our role as a controller of this particular personal data of our users, the lawful basis is legal obligation (Article 6, paragraph 1(c)).
Whilst using the services of the Signapps Platform, personal data is generated relating to your professional and/or clinical activities. This includes user ID, date and time stamp relating to messages or media sent (such as PDF files and imagery), and Signapps Patient Threads created and edited. These are obtained by taking any action within the app and form part of the audit trail generated by the Service.
9.2. Other personal data of users
This section refers to the personal data of users (Healthcare Professionals) other than their name, mobile number and email address.
We have determined that processing this personal data is necessary:
We offer the user the option to display additional personal data in the Signapps Directory for other users in the Carespace to view. Processing of this type of data is a necessity in order to display it on behalf of the user.
In the context of Healthcent (Pty) Ltd’s role as a controller of this type of users’ personal data, the lawful basis is consent (Article 6, paragraph 1(a)).
When a user registers on the Signapps mobile app, they are presented with a screen, separate to the terms and conditions, requesting consent for processing:
- other personal data including medical field, location of their practice, as provided by them specifically for display in the Carespace directory (optional)
- their contact details for marketing purposes (optional)
Consent is indicated by the user by ticking each box accordingly. The checkboxes are unfilled by default.
Consenting to these processing activities is not a precondition for service.
This screen also details the name of our organisation and explains that they can withdraw consent at any time within the app. We have included instructions for how to find this information in the Frequently Asked Questions section of our website.
Withdrawal of the consent necessary for security will, as appropriate:
- Hide the directory information from other users and trigger a request for erasure; or
- Trigger removal from the marketing list and a request for erasure.
Consents are reviewed annually.
9.3. Personal Data collected for the purposes of providing support
We may also collect information from individuals, users and non-users, who contact us via email, telephone or our website getsignapps.com. This will include name, email address and telephone number.
We may use your personal data for providing the Service, including to:
- Maintain and improve the Service
- Contact individuals for the purposes of preventing or addressing service, security or technical issues
- Answer queries from users directly
- Maintain the service of the platform
We may hold your information in our CRM (Insightly). We use this information to understand the demand for our services and to improve how we operate.