Data protection and disclosure of information
As part of our day-to-day business of providing mental wellness services (the “Services”), we need to collect personal information from our clients and potential clients to ensure that we can meet their needs for the provision of or information about the Services.
Your privacy is important to us and it is our policy to respect the confidentiality of information and the privacy of individuals. This notice outlines how we manage your personal information and details your rights in respect of our processing of your personal information.
We process your information in terms of our Protection of Information Policy and Retention of Data Policy. To review same, kindly send a request to the Information Officer: Justine Loewenthal (email@example.com)
Defined terms herein, where not herein defined, are defined within the Protection of Personal Information Act, 2013 (as may be amended or substituted from time to time) (“POPIA”).
Who are we?
This Privacy Notice applies to the processing activities of Bona Dea Centre (the “Practice”). Our reception staff are the Responsible Parties for the processing of your Personal Information.
Any reference to ‘us’, ‘our’, ‘we’ in this Privacy Notice is a reference to both the reception staff and the therapists and doctors respectively. Similarly, any reference to ‘you’, ‘your’, ‘yours’ or ‘yourself’ in this Privacy Notice is a reference to any of our clients and potential clients as a Data Subject, or a Competent Person in respect of such client and potential client that is incompetent, such as a minor child.
Our Privacy Notice will be reviewed from time to time to take account of new obligations and technology, changes to our operations and practices, and to make sure it remains appropriate to the changing environment.
What kind of Personal Information do we collect?
We collect information necessary to fulfil our obligations to our clients in the course of providing the Services.
We may collect the following types of information about you:
Name, address and contact details, date of birth and gender, education and qualifications, employment details, family details, medical aid details, lifestyle and social circumstances, location data, any other similar information.
On occasion the following sensitive Personal Information may be obtained: physical or mental health details, racial or ethnic origin, religious or philosophical beliefs, sexual orientation, genetic data, biometric data. We will only obtain and process this information with your express consent as set out in terms of the relevant contractual terms.
Much of this information is collected in order to establish and assess the reasons for a referral to us as well as whether we can and should provide the Services (and products, where relevant) to you. If you chose not to provide the information required, we may not be able to provide you with the requested product or service.
If you provide us with any Personal Information relating to a third party (e.g. information of your spouse, children, parents, and/or employees), by submitting such information to us, you represent to us that you have obtained their consent and/or are a Competent Person in respect to the provision of such Personal Information.
The main activities of the Practice are the provision of psychological services, psychiatry, dietetics, neurofeedback, EEGs and QEEGs. In this respect, by submitting Personal Information (including sensitive personal information) to the Practice, you expressly provide your informed consent for the collection, processing and storage of such Personal Information in respect of yourself or your child and confirm that you are duly authorised to do so as a Competent Person.
How is the Personal Information obtained?
We obtain this information in a number of ways, for example through the provision of intake assessments, interviews with you, relevant and related educators, relevant and related health care professionals, family members, questionnaires etc. as well as from information provided in the course of ongoing services and communication. Additionally, we may obtain Personal Information about you through your use of our websites, apps, or using cookies on our websites, in particular by recording your activity and which pages you look at on our websites (please see below on Cookies).
We may record any communications with you including electronic (including video conference), by telephone, in person or otherwise, which will constitute evidence of the communications between us. This information is collected in compliance with our regulatory duties in relation to our record keeping obligations. It may or may not be retrievable.
Such conversations may be recorded without the use of a warning tone or any other further notice. Further, if you visit any of our offices or premises, we may have CCTV which may record your image and conversations which you acknowledge, understand and accept.
What Lawful Basis do we rely on?
We may be required to collect and use certain types of Personal Information to comply with the requirements of the law and/or regulations, however we are committed to processing all personal information in accordance with POPIA and any other relevant data protection laws and codes of conduct (herein collectively referred to as “the data protection laws”) which are applicable to my Practice and its business.
The data protection laws allow us to only process your data for certain reasons:
- to perform a contract that we are party to;
- to carry out legally required duties;
- for us to carry out our legitimate interests;
- where we obtain your consent;
- to protect your interests; and
- where something is done in the public interest.
All the processing carried out by us falls into the permitted reasons, for example; our use of your personal information in order to comply with our obligations under contract. This includes where a contract is not yet signed but you have requested us to take action as a first step (e.g. provide details of our services).
Where our use of your personal information requires consent, such consent will be provided explicitly by you as set out herein, in the Terms & Conditions entered into by you with a therapist or doctor at Bona Dea Centre or as otherwise provided or procured.
If we rely on your consent as our legal basis for processing your personal information, you then have the right to withdraw that consent at any time by contacting us using the contact details set out in this Privacy Notice; however, the withdrawal of consent may be limited by law or contract or subject to the completing of a relevant service or other similar and related activity. Withdrawal of consent will likely necessitate the termination of services.
We use WhatsApp for communication, which has embedded end-to-end encryption that ensures only the persons you're communicating with can read or listen to what is sent, and nobody in between, not even WhatsApp. We also utilise email, Microsoft Teams and Zoom. Further information can be provided on request or researched via their respective websites. You consent to us processing personal information via these channels as well as telephonic communication.
What we do with the personal information we obtain?
We may use information held about you in the following ways:
- To provide you with any services and/or information you request from us (which includes carrying out any obligations arising from any contracts entered into between you and us);
- to notify you about changes to our services;
- to provide you with information by post, email, telephone or otherwise about products and services of a similar nature to those you have previously purchased or expressed an interest in which are offered by Justine Loewenthal and which we think may be of interest to you. You have the right to ask us not to process your personal information for marketing purposes. You can exercise your right to prevent such processing by contacting us by phone or email using the details in the ‘Contact us’ section below. You can unsubscribe from emails by following the unsubscribe instructions included in every email; alternatively, on request to the Information Officer.
- to administer our sites and for internal operations, including troubleshooting, data analysis, load management, testing, research, statistical and survey purposes;
- to improve our sites to ensure that content is presented in the most effective manner for you and for your device;
- to measure or understand the effectiveness of content we serve to you and others, and to deliver relevant content to you;
- for the purposes of providing services such as ‘most popular’ information on our site;
- to obtain your feedback on a product, service or our sites via a third party appointed by us;
- to allow you to participate in interactive features of our sites, when you choose to do so; and
- as part of our efforts to keep our sites safe and secure.
Disclosure of your personal information
We may share the Personal Information we hold about you within the Practice to enable us to better understand your needs and run your accounts in the efficient way that you expect.
We will never sell, trade, or rent your Personal Information to others; however, we may share your information with selected third parties including:
- our service providers, suppliers and sub-contractors for the performance of any contract we have entered into with them. They may then process this data on our behalf to help run some of our internal business operations for example IT services.
- governmental or judicial bodies or agencies to comply with our legal and regulatory obligations;
- non-affiliated companies may sometimes be used to provide certain services such as preparing and mailing reports, account statements and other information, conducting research on client satisfaction;
- data, service and software providers that assist us in the improvement and optimisation of our sites;
Where we share your data with third parties we ensure that your data is held securely and in line with applicable legislation.
How we store Personal Information
Safeguarding the privacy of your information is important to us, whether you interact with us personally, by phone, by mail, over the internet or any other electronic medium.
We hold Personal Information in a combination of secure computer storage facilities and paper-based files and other records and take steps to protect the Personal Information we hold from misuse, loss, unauthorised access, modification or disclosure.
When we consider that Personal Information is no longer needed, we will remove any details that will identify you or we will securely destroy the records. However, we may need to maintain records for a significant period of time in line with our regulatory obligations.
If we hold any Personal Information in the form of a recorded communication, by telephone, electronic, in person or otherwise in relation to our regulatory obligations as detailed above, this information will be held in line with local regulatory requirements which will generally be until the minor child turns twenty-one years old, or unless a diagnosed disability is present, in which case the information is kept until the client is deceased.
Where you have opted out of receiving marketing communication we will hold your details on our suppression list so that we know you do not want to receive these communications.
The Retention of Documents Policy contains further information on this and is available on request.
Management and Safeguarding of Personal Information
We always take appropriate technical and organisational measures to ensure that your information is secure. In particular, we train our employees who handle Personal Information to respect the confidentiality of customer information and the privacy of individuals. We regard breaches of your privacy very seriously and will impose appropriate penalties, including dismissal where necessary. We have appointed an Information Officer to ensure that our management of Personal Information is in accordance with this Privacy Notice, applicable policies, and the applicable legislation.
The internet is an open medium and we cannot guarantee that any information you send to us by email or via our sites will not be intercepted or tampered with; any transmission is at your own risk. Once we have received your information, we will use appropriate procedures and security features to prevent unauthorised access.
Your rights as a data subject
The data protection laws give you certain rights in relation to the data we hold on you. These are:
- the right to be notified. This means that we must tell you how we use your Personal Information, and this is the purpose of this Privacy Notice;
- the right of access. You have the right to access the Personal Information that we hold on you. To do so, you should make a subject access request;
- the right for any inaccuracies to be corrected. If any Personal Information that we hold about you is incomplete or inaccurate, you are able to require us to correct it;
- the right to have information deleted. If you would like us to stop processing your Personal Information, you have the right to ask us to delete it from our systems where you believe there is no reason for us to continue processing it;
- the right to restrict the processing of the Personal Information. For example, if you believe the Personal Information we hold is incorrect, we will stop processing it (whilst still holding it) until we have ensured that it is correct;
- the right to portability. You may transfer the Personal Information that we hold on you for your own purposes;
- the right to object to the inclusion of any information. You have the right to object to the way we use your Personal Information where we are using it for our legitimate interests;
- the right to regulate any automated decision-making and profiling of Personal Information. You have a right not to be subject to automated decision making in way that adversely affects your legal rights.
Where you have provided consent to our use of your Personal Information, you also have the unrestricted right to withdraw that consent at any time subject to contractual obligations. Withdrawing your consent means that we will stop processing the Personal Information that you had previously given us consent to use. There will be no consequences for withdrawing your consent; however, in some cases, we may continue to store and use the Personal Information where so permitted by having a legitimate reason for doing so or where required by law, regulation or by any other competent authorities. We may also not be able to continue our services to you.
You can read more about these rights within section 5 of POPIA.
Transfers of Personal Information outside of South Africa
Your data may be transferred to, stored at, and processed at a destination outside of South Africa by our service providers (eg. Google Workspace and WhatsApp). By submitting your Personal Information, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with applicable legislation or other relevant and appropriate laws.
Links to external websites
Our sites may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies or how such websites collect and use your data. Please check these policies before you submit any Personal Information to these websites.
Access to Personal Information about you
You have the right to request a copy of the Personal Information we hold about you. If you would like a copy of some or all of this information you may contact us as follows:
- Information officer contact details
Full name:Justine Loewenthal
Email address: firstname.lastname@example.org
Telephone number/s: 0115140738
- Bona Dea Centre’s details:
Physical address: 17 Moray Drive, Bryanston
Contact email address: email@example.com
Contact telephone number/s: 0115140738
If any of the information we hold is inaccurate, you can ask us to make any necessary amendments.
Updates to the Privacy Notice
We reserve the right to update this Notice to reflect any legal changes or changes to the way in which we process your Personal Information. The updated Notice will be delivered to you electronically to the details we hold on file and/or published on our website and it will come into effect at the time of publication generally.
If you have any queries regarding privacy issues or the content of this Privacy Notice, you can email us on firstname.lastname@example.org, alternatively, by using the contact details provided above.
What if you have a complaint?
If you have a concern about any aspect of our privacy practices, you can make a complaint. This will be acted upon promptly. To make a complaint, please contact us via one of the methods set above. You undertake to first make a good faith attempt to resolve same with the Practice. If you are not first satisfied with our response to your complaint, you have the right to then lodge a complaint with our supervisory authority, the Information Regulator. You can find details about how to do this on their website: https://www.justice.gov.za/inforeg/.