​

​1. ABOUT US

1.1. This Privacy Notice sets out how your personal information will be used by HealthWareX. It applies to personal information you give to us or which we may collect from third parties.
1.2. HealthWareX is a company registered according to the laws of the Republic of South Africa; with its primary place of business at 152 Main Rd, 1st Floor Hillcote House, Office 5, Muizenberg, Cape Town, 7950.
1.3. HealthWareX is a “Responsible Party” in respect of the personal information described in this Privacy Notice. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this Privacy Notice.
1.4. It is important that you read this Privacy Notice carefully before submitting any personal information to HealthWareX.

2. DEFINITIONS

2.1. For purposes of this Privacy Notice:

2.1.1. "data subject" or "you" means an identifiable living individual or, where applicable, and identifiable existing legal entity (e.g. a private company, a publicly listed company, a trust or partnership, etc) about whom HealthWareX holds personal information. All data subjects have legal rights in relation to their personal information. For the purposes of this Privacy Notice, data subject refers to any third party of HealthWareX, for example our customers, suppliers, contracting parties, business partners, website users, etc;
2.1.2. "end user" means a user of our HWX services, for example, healthcare professionals, hospital staff, authorised users of our clients, etc;
2.1.3. "IO" means the information officer appointed as such by HealthWareX in terms of privacy laws. This person is responsible for making sure that HealthWareX follows the rules set out in privacy laws;
2.1.4. "HealthWareX", "us/we/our" means HealthWareX Proprietary Limited; and all its branches, offices and business areas;
2.1.5. "HW services" means any service offered by HealthWareX through electronic means, including but not limited to the HealthWare Medical Technology software solution, online portals, and interactive customer websites, and shall include the content and information provided or exchanged as part of such services, and a reference to “HW services” refers to any one of them as the context may require;
2.1.6. "personal information" means information relating to an identifiable, living, natural person, and (where applicable) an identifiable, existing juristic person, including the name, race, gender, marital status, address and identifying number of a person, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;

2.1.7. "POPIA" means the Protection of Personal Information, 2013 and any regulations or codes of conduct promulgated thereunder;
2.1.8. "privacy laws" means all laws and regulations applicable to personal information that is processed by or on behalf of HealthWareX, and includes POPIA;
2.1.9. "Privacy Notice" means this Public Privacy Notice;

2.1.10. "process" means any activity that involves the use of personal information. It includes any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including:

2.1.10.1. the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
2.1.10.2. dissemination by means of transmission, distribution or making available in any other form; or
2.1.10.3. merging, linking, as well as restriction, degradation, erasure or destruction of information;

2.1.11. "Regulator" means the applicable regulatory authority overseeing and enforcing compliance with privacy laws;
2.1.12. "responsible party" is the person who or organisation which determines the purposes for which, and the manner in which, any personal information is processed. They have a responsibility to establish practices and policies in line with privacy laws. HealthWareX is the responsible party of all personal information used in its business. Any affiliates of HealthWareX are a responsible party in their own right;
2.1.13. "special personal information" means Personal Information concerning the religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life or biometric information of a data subject; or the criminal behaviour of a data subject to the extent that such information relates to the alleged commission by a data subject of any offence. It also covers information about a Data Subject’s criminal behavior if it relates to alleged crimes they might have committed, or any legal proceedings related to those alleged crimes; and
2.1.14. "website" means the HealthWareX website with address https://www.healthware.healthcare.

​

3. SCOPE AND APPLICATION

3.1. This Privacy Notice applies to you if you are a:

3.1.1. potential, current or former client of ours (including representatives, personnel, and end users of our HW services);
3.1.2. potential, current or former supplier of services to us (including representatives and/or personnel);
3.1.3. an applicant for any job opportunities with us;
3.1.4. a party involved in contractual discussions with us, or an existing or former counter in a contractual relationship with us (including representatives and/or personnel);
3.1.5. a visitor on our website; or
3.1.6. any other third party data subject whose personal information is processed by or on behalf of HealthWareX.

3.2. Under privacy laws, there are a number of reasons that HealthWareX may rely on when processing personal information, namely:

3.2.1. when the data subject has given consent;
3.2.2. where processing is necessary to carry out actions for the conclusion or performance of a contract to which the data subject is party;
3.2.3. where processing complies with an obligation imposed by law on HealthWareX;
3.2.4. where processing is necessary for the proper performance of a public law duty by a public body;
3.2.5. where processing protects a legitimate interest of the data subject; or
3.2.6. where processing is necessary for pursuing the legitimate interests of HealthWareX or of a third party to whom the information is supplied.

3.3. By providing us with your personal information, you acknowledge that HealthWareX may rely on any of the reasons mentioned above when processing your personal information as set out in this Privacy Notice, unless your explicit consent is required by applicable law (for example, for direct marketing communications).
3.4. Please do not provide us with any personal information if you do not agree with any of the provisions of this Privacy Notice. If you do not agree with any part of this Privacy Notice, we may not be able to provide our products and services to you.
3.5. You have the right to withdraw your consent for a specific processing activity at any time. To withdraw your consent, please contact the IO. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
3.6. In most circumstances, providing your personal information to us is voluntary. Sometimes, it may be compulsory to provide your personal information to us. If you fail to provide certain information when requested, we may not be able to perform the services you requested from us or we may be prevented from complying with our legal obligations.

​

4. HOW TO CONTACT US

If you have any comments or questions about this Privacy Notice or how we handle your personal information, please contact the Information Officer.
IO Name:

Jason McArthur
E-mail address:
jason@healthware.healthcare

5. CHANGES TO THIS PRIVACY NOTICE

5.1. We may change this Privacy Notice from time to time for any of the following reasons:

5.1.1. to provide for the introduction of new systems, methods of operation, services, products or facilities;
5.1.2. to provide for any changes to our processing activities;
5.1.3. to provide for any changes to our entity’s or IO’s details;
5.1.4. to comply with developments in, or changes to, applicable laws or guidance notes or requirements issued by a Regulator from time to time; or
5.1.5. for any other reason which we, in our sole discretion, may find reasonable or necessary.

5.2. Any such change will automatically come into effect and become part of any agreement you have with HealthWareX. We may notify you of any material changes that we make by publication on our website, however please ensure that you regularly check the website.

6.INFORMATION WHICH WE MAY COLLECT ABOUT YOU

6.1. We may collect the following information about you:

6.1.1. name, gender, age and date of birth;
6.1.2. contact information, such as address, email, and mobile phone number;
6.1.3. country of residence;
6.1.4. lifestyle and social circumstances (for example, your hobbies);
6.1.5. family circumstances (for example, your marital status and dependents);
6.1.6. employment and education details (for example, the organisation you work for, your job title and your education details);
6.1.7. financial and tax-related information (for example your income, investments and tax residency);
6.1.8. postings or messages on any blogs, forums, platforms, wikis or social media applications and services that we provide (including with third parties);
6.1.9. IP address, browser type and language, login details, and your access times;
6.1.10. information in any complaints you make;
6.1.11. details provided by you in any training sessions we provide relating to our HW services;
6.1.12. details of how you use our HW services;
6.1.13. CCTV footage and other information we collect when you access our premises;
6.1.14. details of how you like to interact with us, and other similar information relevant to our relationship; and
6.1.15. sensitive or special personal information, including biometric information, such as images, fingerprints, and voiceprints.

6.2. Where you provide us with the personal information of third parties:

6.2.1. you should take steps to inform the third party that you need to disclose their details to us, identifying us; and
6.2.2. you warrant that you are authorised to provide us with such information and that you have complied with applicable law (for example, obtaining patient consents, directing them to our Privacy Notice, etc) in doing so.

​

7. HOW WE COLLECT INFORMATION

7.1. Directly – We could collect personal information directly from you in many ways, e.g. from your business card, if you complete our online forms, subscribe to our newsletters and preference centre, register for webinars, attend meetings or events we host, visit our offices or apply for open roles. We may also collect personal information directly when, for example, where we are establishing a business relationship, performing professional services through a contract, or through our hosted software applications.
7.2. Indirectly – We may collect personal information indirectly about you from many sources, including recruitment services and our clients. We may attach personal information to our customer relationship management records to better understand and serve our business clients, subscribers and individuals, satisfy a legal obligation, or pursue our legitimate interests.
7.3. Public sources — Personal information may be obtained from public registers (such as Companies and Intellectual Property Commission), news articles, sanctions lists, and Internet searches and other similar public platforms.
7.4. Social and professional networking sites — If you register or login to our websites using social media (e.g., LinkedIn, Google, or Twitter) to authenticate your identity and connect your social media login information with us, we will collect information
or content needed for the registration or login that you permitted your social media
provider to share with us. That information may include your name and email address and depending on your privacy settings, additional details about you, so please review the privacy controls on the applicable service to set how much information you want shared with us.
7.5. Business clients — Our business clients may engage us to perform professional services which involves sharing personal information they control as part of that engagement. For example, we will review payroll data as part of an audit and we often need to use personal information to provide global mobility and pension services. Our services may also include processing personal information under our clients’ control on our hosted software applications, which may be governed by different privacy terms and policies.
7.6. Recruitment services – We may obtain personal information about candidates from an employment agency, and other parties including former employers, recruitment sites and credit reference agencies.

8. USE OF INFORMATION COLLECTED

8.1.  HealthWareX may process personal information for the following purposes:

8.1.1.  to provide HWX services to our clients;
8.1.2. to meet legal or regulatory requirements;
8.1.3. conduct due diligence checks relating to the services;
8.1.4. for other activities that form part of the operation of our business;
8.1.5. to manage and respond to any request you submit through our Website;
8.1.6. promoting our professional services, products and capabilities to existing and prospective business clients;
8.1.7. sending invitations and providing access to guests attending our events and webinars or our sponsored events;
8.1.8. personalising online landing pages and communications we think would be of interest based on interactions with us and group companies;
8.1.9. administering, maintaining and ensuring the security of our information systems, applications and websites; and
8.1.10. authenticating registered users to certain areas of our sites.

8.2. We may from time to time contact you about services, products and offerings available from HealthWareX or specific subsidiaries which we believe may be of interest to you, by email, phone, text or other electronic means, unless you have unsubscribed from receiving such communications. You can unsubscribe from receiving such communications by contacting the IO, or following the prompt in any communications we send you.

​

9. DISCLOSURE OF YOUR INFORMATION

9.1. Your personal information may be shared with our affiliates, subsidiaries, our agents and sub-contractors, and selected third parties who process the information on our behalf.
9.2. We may also disclose your personal information to third parties for the purposes listed in paragraph 8.1 above.
9.3. If you do not wish us to disclose this information to third parties, please contact us at the contact details set out above in paragraph 4. We may, however, not be able to provide products or services to you if such disclosure is necessary.

10. RETENTION OF YOUR INFORMATION

We will retain your personal information for as long as it is necessary to achieve the purpose for which it was collected, and in some cases this may be for an indefinite period, if we are permitted or required to do so in terms of applicable laws. However, as a general rule, we will retain your information in accordance with retention periods set out in applicable laws, unless we need to retain it for longer for a lawful purpose. (For example, for the purposes of complaints handling, legal processes and proceedings.)

11. YOUR RIGHTS

11.1. You have the right to withdraw your consent for certain specific processing activities at any time. To withdraw your consent, please contact the IO. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
11.2. You have the right to ask us not to contact you for marketing purposes. You can exercise this right at any time by using any of the various "opt-out" options that we will always provide to you when we communicate with you. We won’t send you marketing messages if you tell us not to but we will still need to send you service-related messages.
11.3. You may request details of personal information which we hold about you following the processes under privacy and access to information laws. Confirmation of whether or not we hold personal information about you may be requested free of charge. If you would like to obtain a copy of your Personal Information held by HealthWareX, please contact our IO (note if you are in South Africa, you will need to follow the process set out in our PAIA Manual located on our website).
11.4. You may request the correction of personal information HealthWareX holds about you. Please ensure that the information we hold about you is complete, accurate and up to date.
11.5. You have a right in certain circumstances to request the destruction or deletion of and, where applicable, to obtain restriction on the processing of personal information held about you. If you wish to exercise this right, please contact us using the contact details set out above in paragraph 4.
11.6. You have a right to object on reasonable grounds to the Processing of your Personal Information where the Processing is carried out in order to protect our or
a third party’s legitimate interests or your legitimate interests, unless the law
provides for such Processing.
11.7. You have the right in certain circumstances to request the transfer of your personal information to another party of your choice.

12. OUR COMMITMENT TO SECURITY

The security of your data is important to us. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. However, we do employ a number of safeguards intended to mitigate the risk of unauthorised access or disclosure of your information. We will do our best to protect your personal information and we will use up to date technology that will help us to do this. We will at all times comply with our obligation under applicable law. It is important that you take all necessary and appropriate steps to protect your Personal Information yourself (for example, by ensuring that all passwords and access codes are kept secure).

13. TRANSFER OF DATA

13.1. We are based in and operate from South Africa.
13.2. We may transfer your personal information outside of the country where you provided it, but only if such transfers are permitted in terms of privacy laws.
13.3. We may also transfer certain personal information outside of the country where you provided it, to third parties working with us or on our behalf for the purposes described in this Privacy Notice. When transferring personal information internationally to third parties we will ensure your personal information will continue to be protected for example, by entering into binding data transfer agreements or by ensuring there are adequate data privacy laws, which requires the relevant third party to adhere to the data handling and data protection requirements, acceptable to HealthWareX.

14. LINKS TO OTHER WEBSITES AND COOKIES

14.1. Our website may contain links to and from websites, mobile applications or services of third parties, advertisers or affiliates. Please note that we are not responsible for the privacy practices of such other parties and advise you to read the privacy statements of each website you visit which collects personal information.
14.2. Our website may use cookies. If cookies are used, your browser will receive a warning explaining how they are used.

15. COMPLAINTS

15.1. If you believe that HealthWareX has processed your personal information contrary to applicable law, you can first resolve any concerns with HealthWareX or the IO. You always have the right to lodge a complaint with the Regulator.
15.2. In South Africa, please note the Regulator’s details as follows:

Physical address
Information Regulator of South Africa
JD House
27 Stiemens Street
Braamfontein
Johannesburg, 2001

E-mail address:
POPIAComplaints@inforegulator.org.za

15.3. If you would like the details of a Regulator in other applicable regions, please contact us.

16. LATEST VERSION

16.1. HealthWareX keeps this Privacy Notice under regular review and may update or make material changes this Privacy Notice from time to time.
16.2. It is your responsibility to regularly check our Privacy Notice for any updates or changes. Continued use of our services after any changes to this Privacy Notice will constitute your acknowledgment of the modifications and your agreement to abide by the updated terms.
16.3. In the event of any material changes to this Privacy Notice, we will notify you of the update on our website.

PAIA Manual

​