External Privacy Standard
Please read this External Privacy Standard carefully to understand how your personal information will be handled by Professional Provident Society Healthcare Administrators (Pty) Ltd. Every term of this Standard is material.
1. TERMS USED
The following terms have the meanings assigned to them in this External Privacy Standard unless the context requires otherwise:
1.1 “Data subject” has the meaning assigned to it in POPIA and refers to the person to whom the personal information relates and includes both natural and juristic persons.
1.2 “PPSHA” refers to the Professional Provident Society Healthcare Administrators (Pty) Ltd.< 1.3 “PAIA Manual” refers to the PPS GROUP INFORMATION AND PRIVACY STANDARD compiled in terms of section 51 of the Promotion of Access to Information Act (Act 2 of 2000). 1.4 “Personal information” has the meaning assigned to it in POPIA and refers to information relating to living human beings and existing juristic persons. It includes information such as race, gender, age, medical information, identity number, contact details and confidential correspondence and “information” has a corresponding meaning. 1.5 “POPIA” means the Protection of Personal Information Act (Act 4 of 2013) and the Regulations issued in terms thereof. “Processing” has the meaning assigned to it in POPIA and refers to any operation or activity concerning personal information, such as the collection, receipt, recording. 1.6 storage, updating, alteration, use, distribution, erasure or destruction of the information and “process” has a corresponding meaning. 1.7 “We” / “us” refers to the PPSHA. 1.8 “Website” means ppsha.co.za 1.9 “You” / “your” refers to the data subject whose personal information is processed by the PPSHA.
2. ABOUT THE PROFESSIONAL PROVIDENT SOCIETY HEALTHCARE ADMINISTRATORS
The PPSHA is a private company incorporated under the laws of the Republic of South Africa South Africa. It provides medical scheme administration and risk management services to medical schemes.
Our contact details:
PPS Centurion Square
1262 Heuwel Avenue
Cnr Heuwel & Gordon Hood Roads,
Telephone: 012 679 4311
3. INFORMATION OFFICER
Our Information Officer’s contact details:
Name: Irma Joubert
Telephone: 012 679 4076
4. APPLICATION OF THE EXTERNAL PRIVACY STANDARD
This External Privacy Standard applies to personal information that we have in our possession or under our control and personal information that we collect or receive from or about you. It stipulates, amongst others, how we collect the information, the type of information collected, why that information is collected, the circumstances under which that information will be shared with others, the security measures that we have implemented to protect the information and how you may obtain access to and correct your information.
5. OUR COMMITMENT
We understand that your personal information is important to you and that you may be anxious about disclosing it. Your privacy and the security of your information are just as important to us and we want to make sure you understand how your information will be processed. We are committed to conducting our business in accordance with the law and to handle your personal information responsibly. We will, therefore, only process, which includes collect, use, store or disclose, your personal information in accordance with the law or otherwise with your consent and will always strive to keep your information confidential. We take this commitment to look after your personal information seriously. We have implemented a number of processes to make sure that your personal information is used in the right way.
We apply the following principles in order to protect your privacy:
• We only collect the personal information that is necessary;
• We only use personal information for the purposes specified in this External Privacy Standard, unless you are advised otherwise;
• We do not keep personal information longer than needed for lawful purposes; and
• We only share your personal information as specified in this External Privacy Standard and/or permitted in terms of the law or otherwise as agreed with you.
6. PROCESSING OF INFORMATION ON BEHALF OF CLIENTS
7. WHEN YOU PROVIDE PERSONAL INFORMATION ABOUT ANOTHER INDIVIDUAL / ENTITY
You must make sure that if you provide personal information about any individual or entity to us, you may lawfully do so (e.g., with their consent). We will accept that you are acting lawfully. You should make sure that they are familiar with this External Privacy Standard and understand how we will use and disclose their information.
8. COLLECTION OF YOUR PERSONAL INFORMATION
9. PROCESSING OF YOUR PERSONAL INFORMATION
There are various laws that permit the processing of personal information such as the Medical Schemes Act (Act 131 of 1998) and POPIA. Employment laws permit the processing of employees’ information. We process the personal information of our clients and their beneficiaries in terms of written agreements with these clients.
We generally process the personal information listed below, if applicable in the circumstances. Other personal information may be collected and processed, if it is required in the circumstances.
• Entity’s name and contact details;
• Name and surname, title, contact details and position of relevant persons at the relevant entity;
• Agreements and related information;
• Official documentation, such as rules and brochures;
We process personal information of medical scheme beneficiaries and other data subjects (such as trustees, brokers and employees) on behalf of clients as authorised by client agreements.
Suppliers, Vendors and Other Persons or Public and Private Bodies
• Organisation’s name and contact details;
• Names and surnames, titles, contact details and positions of relevant persons at these organisations;
• Agreements and related information;
• Official documentation, such as newsletters and brochures;
• BBBEE status;
• COVID-19 screening information of visitors to the PPSHA; and
If you consent to the processing of your personal information, you may withdraw your consent at any time. This does not affect the processing of personal information that has already occurred. If you withdraw your consent, your personal information will only be processed as provided for in the law.
11. LINKS TO SOCIAL NETWORKING SERVICES
We may use social networking services such as WhatsApp, LinkedIn, Twitter and Facebook to communicate with the public about our services. When you communicate with us through these services, the relevant social networking service may collect your personal information for its own purposes. These services have their own privacy policies, which are independent of this External Privacy Standard.
12. OBJECTION TO PROCESSING
When we process your personal information to protect your legitimate interests or based on the legitimate interests of the PPSHA or those of a third party to whom we supply the information, you may object to our processing, if it is reasonable to do so. This must occur on the form prescribed by POPIA, available from our Information Officer. This does not affect your personal information that we have already processed. If you object and we agree with your objection, your personal information will only be processed as provided for in the law.
13. PURPOSE OF PROCESSING YOUR PERSONAL INFORMATION
We generally process your personal information for the following purposes:
14. DISCLOSURE OF YOUR PERSONAL INFORMATION
We will share only relevant personal information about you with the persons and entities specified below, if it is necessary and lawful in the circumstances.
Employees and Job Applicants
Suppliers, Vendors and Other Public and Private Bodies
We maintain records of your personal information for as long as it is necessary for lawful purposes related to the conducting of our business, including to provide services to you; comply with legal obligations; attend to litigation; enforce agreements; and for historical, statistical and research purposes subject to the provisions of the law.
16. INFORMATION SENT ACROSS THE BORDERS OF THE REPUBLIC OF SOUTH AFRICA
We process and store your information in records within the Republic South Africa and in ‘clouds’, which may be located outside of the Republic. We take great care in the selection of the ‘clouds’ to ensure the protection of your personal information. If we must provide your personal information to any third party in another country, we will obtain your prior consent unless such information may be lawfully provided to that third party.
17. SECURITY OF YOUR PERSONAL INFORMATION
We are committed to ensuring the security of your personal information in order to protect it from unauthorised processing and access as well as loss, damage or unauthorised destruction. We have implemented and continually review and update our information protection measures to ensure the security, integrity, and confidentiality of your information in accordance with industry best practices. These measures include secure storage of records; password control to access electronic records, firewalls and off-site data back-ups. In addition, only those officers, employees and service providers or suppliers that require access to your information to discharge their functions and to render services to us are granted access to your information and only if they have concluded agreements with us or provided undertakings regarding the implementation of appropriate security measures, maintaining confidentiality and processing the information only for the agreed purposes. We will inform you and the Information Regulator, if any person has unlawfully obtained access to your personal information, subject to the provisions of the law.
18. RIGHT TO ACCESS YOUR PERSONAL INFORMATION
You have the right to request access to your personal information in our possession or under our control and information of third parties to whom we have supplied that information subject to restrictions imposed in legislation. If you wish to exercise this right, please complete the prescribed form, available from our Information Officer, and submit it to the Information Officer. Costs may be applicable to such request, which can be obtained from the Information Officer. Please consult our PAIA Manual for further information.
19. ACCURACY OF YOUR PERSONAL INFORMATION
It is important that we always have accurate information about you on record as it could impact on communication with you and the rendering of services to you. You must therefore inform us as soon as any of your information has changed. You may also request us to correct or delete any information. Such a request must be made in writing on the prescribed form to the Information Officer. The form can be obtained from the Information Officer. You must provide sufficient detail to identify the information and the correction / deletion required. Information will only be corrected / deleted, if we agree that the information is incorrect or should be deleted. It may not be possible to delete all the information if we may lawfully retain it. Please contact the Information Officer to discuss how we can assist you with your request. If we correct any information and the corrected information will impact on any decision made or to be made about you, we will send the corrected information to persons to whom the information has been disclosed in the past if they should be aware of the changed information.
20. MARKETING OF PRODUCTS AND SERVICES
If you have given us consent, we may occasionally inform you, electronically or otherwise, about supplementary products and services offered by us that may be useful or beneficial to you. You may at any time withdraw your consent and opt out from receiving such information.
21. CHANGES TO THIS STANDARD
We reserve the right in our sole and absolute discretion, to revise or supplement this External Privacy Standard from time to time to reflect, amongst others, any changes in our business or the law. We will publish the updated External Privacy Standard on our website. It will also be available at our offices. Any revised version of the External Privacy Standard will be effective as of the date of posting on the website, so you should always refer back to the website for the latest version of the Standard. It is your responsibility to make sure you are satisfied with any changes before continuing to use our services.
22. ENQUIRIES, CONCERNS AND COMPLAINTS
All enquiries, requests or concerns regarding this Standard or relating to the processing of your personal information by us should be addressed to our Information Officer. You may also lodge a complaint with the Information Regulator at complaints.IR@justice.gov.za / +27 (0)10 023 5207 / +27 (0)82 746 4173.
23. LAWS APPLICABLE TO THIS EXTERNAL PRIVACY STANDARD
This External Privacy Standard is governed by the laws of the Republic of South Africa.