VeriClaim

PAIA Manual

1. INTRODUCTION TO MEDICHARGE

MediCharge (Pty) Ltd (“MediCharge”), a private company registered under the laws of South Africa with registration number 2008/020468/07, provides leading-edge Specialist Practice Management solutions including Bureau Administrative services to the Specialist fraternity within South Africa and neighbouring countries. MediCharge is associated with the SpesNet Global Group of Companies, which MediCharge has offices in South Africa, Singapore, Indonesia, the Philippines and the Unites States of America (“the USA”).

2. CONTACT DETAILS OF MEDICHARGE

Managing Director:	Mr. M. Howell
Information Officer:	Mr. M. Howell
Deputy Information Officer:	Mr. B. Bear
Physical Address:	Block 2, Crossway Office Park, 240 Lenchen Ave, Centurion, Pretoria, 0157
Postal Address:	Block 2, Crossway Office Park, 240 Lenchen Ave, Centurion, Pretoria, 0157

Telephone Number:	+27 (0)12 679 9745
E-mail address:	informationofficer@medicharge.co.za
Website address:	https://www.medicharge.co.za

3. GUIDE OF THE SA HUMAN RIGHTS COMMISSION / INFORMATION REGULATOR

The South African Human Rights Commission (“SAHRC”) / Information Regulator compiled a Guide, in terms of Section 10 of the Promotion of Access to Information Act 2 of 2000 (“PAIA”), to assist persons wishing to exercise their rights in terms of this Act. This Guide contains, amongst others, the following information:

The purpose of PAIA;
The manner, form and costs of a request for access to information held by a body;
Legal remedies when access to information is denied;
When access to information may be denied; and
The contact details of Information Officers in the national, provincial, and local government

The Guide is available in all the official languages on the website of the SAHRC at https://www.sahrc.org.za/home/21/files/Section%2010%20guide%202014.pdf or can be obtained from the Information Regulator at:

Physical address:	JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
Postal address:	PO Box 31533, Braamfontein, Johannesburg, 2017
Telephone:	+27 (0) 10 023 5207 / +27 (0) 82 746 4173
E-mail address:	inforeg@justice.gov.za
Website:	https://www.justice.gov.za/inforeg/

The publication of the Guide will become the responsibility of the Information Regulator with effect from 30 June 2021.

4. RECORDS HELD BY MEDICHARGE

MediCharge holds the following categories of records:

(a) Records relating to the Company and its Operations: Documents related to the establishment of the company, its incorporation, its directors, and shareholders as required in terms of the Companies Act 71 of 2008; a shareholders’ agreement; other statutory records; telephone recordings of external calls; CCTV footage of visitors to MediCharge; recording of virtual meetings; client registries; governance documents and other related documents.

(b) Client records: Agreements and related information, including records and personal information of clients and clients’ patients, required to perform the client agreements; standard operating procedures (“SOPs”); policies; financial records; governance-related documents and records relating to the performance of client services.

(c) Employment records: Recruitment records; employment contracts; employee details; conditions of employment; workplace policies; skills development plans (where applicable) and training records; salary register; relevant tax records; leave records; disciplinary records; medical scheme application forms; group life beneficiary nominations and related documentation.

(d) Health and safety records: Evacuation plan; health and safety committee records; health and safety incident reports.

(e) Financial records: Financial statements; auditors’ reports; accounting records; bank statements; invoices, statements and receipts; transactional records; VAT records; tax returns and related documentation.

(f) Records related to assets: Asset register; stock records; sale and purchase agreements and related records.

(g) Agreements: Agreements and related documentation with associations / societies, contractors, consultants, suppliers, vendors and other relevant persons and entities.

(h) Public and private body records: Business engagements; official documents published and correspondence.

(i) Legal records: Records related to legal matters.

(j) Insurance records: Policies and related records; claims and payment records.

5. INFORMATION AVAILABLE IN TERMS OF LEGISLATION

MediCharge holds records as may be required in terms of the following legislation subject to the specific protection offered by these laws:

(a) Basic Conditions of Employment Act 75 of 1997;
(b) Broad-Based Black Economic Empowerment Act 53 of 2003;
(c) Compensation for Occupational Injuries and Diseases Act 130 of 1993;
(d) Disaster Management Act 57 of 2002;
(e) Electronic Communications and Transactions Act 25 of 2002;
(f) Employment Equity Act 55 of 1998;
(g) Income Tax Act 58 of 1962;
(h) Labour Relations Act 66 of 1995;
(i) Medical Schemes Act 131 of 1998;
(j) Occupational Health and Safety Act 85 of 1993;
(k) Promotion of Access to Information Act 2 of 2000;
(l) Protection of Personal Information Act 4 of 2013;
(m) Skills Development Levies Act 9 of 1999;
(n) Skills Development Act 97 of 1998;
(o) Unemployment Contributions Act 4 of 2002;
(p) Unemployment Insurance Act 63 of 2001; and
(q) Value Added Tax Act 89 of 1991.

6. RECORDS AUTOMATICALLY AVAILABLE

No notice has been submitted by MediCharge to the Minister of Justice and Correctional Services regarding the categories of records, which are available without a person having to request access in terms of Section 52(2) of PAIA. However, the information on the website of MediCharge is automatically available. Access and usage of the information on the website are subject to the Website Terms and Conditions as well as the Privacy Policy of MediCharge

7. PURPOSE OF PROCESSING PERSONAL INFORMATION

MediCharge processes personal information of data subjects for the following purposes:

to conduct its business and meet MediCharge objectives;
to perform in accordance with client agreements;
to procure and enrol clients, manage and execute contracts, collect fees and provide client services;
for recruitment, employment, human resource and labour-related matters;
for training, up-skilling and career growth purposes;
for industrial relations and disciplinary purposes;
for governance purposes;
for communication purposes;
to engage with public and private bodies (including regulators) on behalf of clients;
to engage with clients and potential clients nationally and internationally;
for marketing purposes;
for training purposes;
for MediCharge procurement purposes;
for historical, statistical and research purposes;
for enforcement of its rights;
to discharge statutory duties;
for the provision of employment benefits;
to detect criminal behaviour;
for protection of our offices, business, assets and employees; and
for any other lawful purpose related to its business.

8. DATA SUBJECTS, THEIR PERSONAL INFORMATION AND POTENTIAL RECIPIENTS OF INFORMATION

MediCharge holds the personal information in respect of the categories of data subjects specified below as may be relevant in the circumstances. The potential recipients of this information are also specified. Information and records are only disclosed to recipients as may be necessary in the circumstances and authorised in terms of the law or otherwise with the consent of the relevant data subject.

(a) Directors

Categories of personal information:
Full names and surnames; titles; contact details; identity numbers; passport numbers; race; gender; nationality; biometric information; spouses’ details (for travel and accommodation arrangements); remuneration; vehicle registration details; bank details; tax numbers and related tax information; information included on visa application forms; signatures of official bank signatories; proof of residence; and correspondence.

Potential Recipients:
Other directors; relevant employees; banks; embassies; South African Revenue Service (“SARS”); relevant statutory and other public bodies (e.g., Compensation Commissioner for Occupational Diseases and Injuries [“COIDA”], Company and Intellectual Property Commission [“CIPC”] and the Unemployment Insurance Fund [“UIF”]); relevant funders; clients and potential clients; relevant suppliers; vendors and service providers; travel agents; legal and professional advisers; insurers; law enforcement structures and auditors

(b) Employees

Categories of personal information:
Full names and surnames; calling names / nicknames; titles; contact details; addresses; identity numbers; passport numbers; dates of birth; age; passport numbers; race; gender; nationality; qualifications; professions; position/s; biometric information; vetting reports (qualifications, credit and criminal records); employment-related information; positions, job descriptions and job grades; marital status, photos (voluntarily); relevant health and disability information; references; other information included in curriculum vitae (“CVs”); all information and documentation obtained during the recruitment / selection process; past employment history; COVID-19 screening information; health and safety-related incidents; records created in the performance of their duties; leave records; remuneration; employment benefits and related information; absenteeism information; trade union membership; emolument attachment orders;; biometric information;bank details; tax numbers and related tax information; information included on medical scheme application forms; authorised expenses; relevant information on spouses and emergency contacts; dependants’ and beneficiaries’ details for purposes of medical scheme enrolment; group / risk cover; funeral cover and retirement annuity benefits (as may be applicable); recording of telephonic conversations with external callers and video meeting; CCTV footage; and correspondence.

Potential Recipients:
Directors and relevant employees; clients; relevant statutory and other public bodies (e.g., SARS); employee benefit providers; vetting agencies; relevant funders; clients and potential clients; relevant suppliers, vendors and service providers; banks; credit providers; persons involved in disciplinary processes; medical practitioners (verify sick notes or medical reports); insurers; law enforcement structures and auditors.

(c) Job Applicants

Categories of personal information:
Full names and surnames; titles; contact details; addresses; identity numbers; passport numbers; date of birth; age; race; gender; nationality; qualifications; professions; employment history and related information; relevant health and disability information; vetting reports (qualifications, credit and criminal records) information included on CVs; interview notes; salary information; interview notes; references; employment benefits; recording of telephonic conversations including screenings and video interviews (where applicable); CCTV footage and correspondence.

Potential Recipients:
Relevant directors and employees; relevant statutory and other public bodies (e.g., Department of Education); recruitment and vetting agencies; legal and professional advisers; auditors and law enforcement structures.

(d) Company’s Clients (Members)

Categories of personal information:
Practice, Provider or Organisations’ name, addresses and contact details, banking details, statutory council registration numbers and Practice numbers; names, surnames, titles and contact details of contact persons, and employees; invoices and payment information; assisting and referring Provider’s details all the information included in proposals and agreements; SOPs; policies; governance documents; and correspondence.

Potential Recipients:
Relevant directors and employees; relevant suppliers, vendors and service providers; banks legal and professional advisers; insurers; and auditors.

(e) Patients of Members (when rendering services to Members in terms of Written Agreements):

Categories of personal information:
Full names and surnames; titles; identity numbers; dates of birth; age; gender; addresses; contact details; marital status; funders (e.g., medical scheme / Compensation Commissioner for Occupational Diseases and Injuries); payment-related information, including invoices, remittances and statements; ICD-10 and procedure codes, clinical information and correspondence. Injury-on-duty patients – additional information processed: Claim numbers, funders, treating and referring providers, places of treatment, personnel numbers, occupations, file numbers of treating providers, dates of accident, provinces, employers name, VAT numbers of employer, registration numbers of employer, all treatment-related information (e.g., admission and discharge dates from hospitals, clinical, billing and product codes, medical reports and supporting documents) and information related to submission of claims; Payment-related information, including invoices, statements, and remittances; and Correspondence.

Potential Recipients:
Relevant directors and employees; relevant funders and employers of patients (IOD claims only); Switching houses; relevant service providers.

(f) Funder and Administrator Clients, including Switching houses and Managed Care Organisations

Categories of personal information:
Entity names, addresses and contact details; names, surnames, titles and contact details of contact persons, employees and executives; all the information included in proposals and agreements; and correspondence.

Potential Recipients:
Relevant directors and employees; relevant SpesNet group companies; relevant healthcare providers; relevant suppliers, vendors and service providers.

(g) Suppliers, Vendors, Other Persons, Entities and Bodies

Categories of personal information:
Organisation’s name, registration details and contact details; names, surnames, titles and contact details of contact persons, employees and executives; all the information included in proposals and agreements; bank details and payment-related information; VAT Numbers; official documentation; BBBEE certificates; COVID-19 screening information of visitors to MediCharge; and correspondence.

Potential Recipients:
Relevant directors and employees; relevant SpesNet group companies; relevant suppliers, vendors and service providers; legal and professional advisers; insurers; and auditors.

(h) Insurers

Categories of personal information:
Names and contact details; premiums; benefits and correspondence.

Potential Recipients:
Relevant directors and employees; relevant suppliers, vendors and service providers; legal and professional advisers; insurers; law enforcement structures and auditors.

9. PERSONAL INFORMATION SENT ACROSS THE BORDERS OF THE RSA

MediCharge sends personal information of South African clients or client’s patients across the borders of the Republic of South Africa (“RSA”). This is for information used on the Telehealth platform. The USA based healthcare service provider is HIPAA compliant and ensures a high level of data protection. All clients residing in neighbouring countries using the MediCharge Practice Management system, do send their patient data across the borders to RSA for processing.

10. SECURITY MEASURES TO PROTECT PERSONAL INFORMATION

MediCharge is committed to ensuring the security of personal information in its possession and under its control in order to protect it from unauthorised processing and access as well as loss, damage or unauthorised destruction. MediCharge implemented and continually reviews and updates the information protection measures to ensure the security, integrity, and confidentiality of personal information in accordance with industry best practices. These measures include secure storage of records; access control to records; multiple levels of electronic security; workplace policies and off-site data back-ups. In addition, only those officers, employees and service providers or suppliers that require access to the information to discharge their functions and to render services to MediCharge are granted access to such information and only if they have concluded agreements with MediCharge or provided undertakings regarding the implementation of appropriate security measures, maintaining confidentiality and processing the information only for the agreed purposes. MediCharge will inform data subjects and the Information Regulator, if any person has unlawfully obtained access to their personal information, subject to the provisions of the law.

11. PROCEDURE TO OBTAIN ACCESS TO RECORDS OR INFORMATION

The fact that information and records are held by MediCharge as listed in this Manual should not be construed as conferring upon any requester any right to that information or record. PAIA grants a requester access to records of a private body, if the record is required for the exercise or protection of any right. If a public body lodges a request, the public body must be acting in the public interest. Access to records and information (other than that listed on MediCharge’s website) is not automatic. Any person, who would like to request access to any of the above records or information, is required to complete a request form, which is available from the Information Officer of MediCharge or the Information Regulator at the contact details stipulated above. The requester must provide sufficient detail on the request form to enable the Information Officer to identify the record and the requester. The requester must identify the right he/she is seeking to exercise or protect and explain why the record requested is required for the exercise or protection of that right. If a request is made on behalf of another person, the requester must submit proof of the capacity in which the request is made to the satisfaction of the Information Officer. Access to the requested records or information or parts of the records or information may be refused in terms of the law. Requesters will be advised of the outcome of their requests

12. FEES PAYABLE TO OBTAIN THE REQUESTED RECORDS OR INFORMATION

Fees may be charged for requesting and accessing information and records held by MediCharge. These fees are prescribed in terms of PAIA. Details of the fees payable may be obtained from the Information Officer. The fees are also available from the Information Regulator.

13. AVAILABILITY OF THIS MANUAL

A copy of this Manual is available for inspection, free of charge, at MediCharge’s offices and on its website. A copy of the Manual may also be requested from the Information Officer against payment of a fee as may be applicable.

Privacy Policy

Please read this Privacy Policy carefully to understand how your personal information
will be handled by MediCharge (Pty) Ltd. Every term of this Policy is material.

1. ABOUT MEDICHARGE (PTY) LTD

MediCharge (Pty) Ltd (MediCharge) provides leading-edge healthcare solutions for healthcare providers, medical insurers, administrators using technology solutions, healthcare and artificial intelligence. MediCharge is associated with the SpesNet Global Group of Companies, which has offices in South Africa, Singapore, Indonesia, the Philippines and the Unites States of America.

Our contact details:

Address:	Block 2, Crossway Office Park, 240 Lenchen Ave, Centurion, 0157 P.O. Box 8630, Centurion, 0046
E-mail:	info@medicharge.co.za
Telephone:	+27 (0)12 679 9745

2. INFORMATION OFFICER AND DEPUTY INFORMATION OFFICER

Our Information Officer is:	Mr. M. Howell
E-mail:	informationofficer@medicharge.co.za
Telephone:	012 679 9745

Our Deputy Information Officer is:	Mr. B. Bear
E-mail:	informationofficer@medicharge.co.za
Telephone:	012 110 4178

3. EXPLANATION OF TERMS USED

The following terms have the meanings assigned to them in this Privacy Policy unless the context requires otherwise:
3.1 “Board” refers to the Board of Directors of MediCharge (Pty) Ltd.
3.2 “Data subject” has the meaning assigned to it in POPIA and refers to the person to whom the personal information relates and includes both natural and juristic persons.
3.3 “MediCharge” refers to MediCharge (Pty) Ltd, a private company duly incorporated under the laws of South Africa with registration number 2000/009511/07.
3.4 “Client” refers to a person or an entity that has entered into an agreement with MediCharge to supply it with services.
3.5 “Member” refers to a person who has been admitted as a member of MediCharge and “membership” has a corresponding meaning.
3.6 “Officer” refers to a member of the Board or any Committee of MediCharge.
3.7 “PAIA” refers to the Promotion of Access to Information Act (Act 2 of 2000) and the Regulations issued in terms thereof.
3.8 “PAIA Manual” refers to the Manual compiled by MediCharge in terms of section 51 of PAIA.
3.9 “Personal information” has the meaning assigned to it in POPIA and refers to information relating to living human beings and existing juristic persons. It includes information such as race, gender, age, medical information, identity number, contact details and confidential correspondence and “information” has a corresponding meaning.
3.10 “POPIA” means the Protection of Personal Information Act (Act 4 of 2013) and the Regulations issued in terms thereof.
3.11 “Processing” has the meaning assigned to it in POPIA and refers to any operation or activity concerning personal information, such as the collection, receipt, recording, storage, updating, alteration, use, distribution, erasure or destruction of the information and “process” has a corresponding meaning.
3.12 “We” / “us” refers to MediCharge.
3.13 “Website” means https://www.medicharge.co.za.
3.14 “You” / “your” refers to the data subject whose personal information is processed by MediCharge.

4. APPLICATION OF THE PRIVACY POLICY

This Privacy Policy applies to personal information that we have in our possession or under our control and personal information that we collect or receive from or about you. It stipulates, amongst others, how we collect the information, the type of information collected, why that information is collected, the circumstances under which that information will be shared with others, the security measures that we have implemented to protect the information and how you may obtain access to and correct your information. We process personal information on behalf of and for our clients and members in terms of written agreements. This information may also relate to clients’ or members’ data subjects, such as patients. If you are a patient or another data subject of one of our clients, you should refer to their privacy policies or related documentation, which is independent of this Privacy Policy, for further information in respect of the personal information that they collect and process.

5. OUR COMMITMENT

We understand that your personal information is important to you. Your privacy and the security of your information are just as important to us and we want to make sure you understand how your information will be processed. We are committed to conducting our business in accordance with the law. We will, therefore, only process, which includes collect, use, store or disclose, your personal information in accordance with the law or otherwise with your consent and will always strive to keep your information confidential. We take this commitment to look after your personal information seriously. We have implemented a number of processes to make sure that your personal information is used in the right way.

We apply the following principles in order to protect your privacy:

We only collect the personal information that is necessary;
We only use personal information for the purposes specified in this Privacy Policy unless you are advised otherwise;
We do not keep personal information longer than needed for lawful purposes; and
We only share your personal information as specified in this Privacy Policy and/or permitted in terms of the law or otherwise as agreed with you.

6. WHEN YOU PROVIDE PERSONAL INFORMATION ABOUT ANOTHER INDIVIDUAL / ENTITY

You must make sure that if you provide personal information about any individual or entity to us, you may lawfully do so (e.g., with their consent). We will accept that you are acting lawfully. You should make sure that they are familiar with this Privacy Policy and understand how we will use and disclose their information.

7. COLLECTION OF YOUR PERSONAL INFORMATION

We collect personal information directly from you when you become a member or client of MediCharge, when you supply information on our website, when you provide information to us or when another person or entity provides information about you to us. Information may also be collected from other sources (e.g., public records), depending on the circumstances, when it is, for example, not possible to obtain the information directly from you, or, you make information publicly available. Healthcare practitioner information is, amongst others collected from Medpages, other publicly available sources or “paid-for” subscription services. Telephone calls with external callers, virtual meetings (video feed) and CCTV footage of all visitors to our offices are recorded. The information that we collect is necessary to provide client or other services to fulfil the objective of MediCharge and discharge its responsibilities in terms of agreements entered into with clients.

8. PROCESSING OF YOUR PERSONAL INFORMATION

There are various laws that permit the processing of personal information such as POPIA. We generally process the personal information listed below, if applicable in the circumstances, and retain it as part of our records. Telephone calls with external callers, virtual meetings (video feed) and CCTV footage of all visitors to our offices are recorded. Other personal information may be collected and processed, if it is required in the circumstances.

MediCharge Members

Full names and surnames, titles, identity numbers, addresses, contact details, qualifications, disciplines, statutory council registration numbers and practice numbers;
Bank details;
Invoices and payment information;
Information of data subjects (such as patients) of members as set out below; and
Correspondence

Patients of Members (when rendering services on behalf of Members in terms of written agreements):
Full names and surnames, titles, identity numbers, dates of birth, age, gender, addresses, contact details, marital status, and funders’ (e.g., medical scheme / Compensation Commissioner for Occupational Diseases and Injuries) details; payment-related information, including invoices, remittances and statements; ICD-10 and procedure codes, clinical information and correspondence.

Injury-on-duty patients – additional information processed: Claim numbers, funders, treating and referring providers, places of treatment, personnel numbers, occupations, file numbers of treating providers, dates of accident, provinces, employers name, VAT numbers of employer, registration numbers of employer, all treatment-related information (e.g., admission and discharge dates from hospitals, clinical, billing and product codes, medical reports and supporting documents) and information related to submission of claims;
Payment-related information, including invoices, statements and remittances; and Correspondence.

Funder and Administrator Clients, including Switches and Managed Care Organisations

Entity names, addresses, and contact details;
Names, surnames, titles and contact details of executives, employees and contact persons;
All the information included in proposals and agreements;
Correspondence

Beneficiaries / Policy Holders of Funder and Administrator clients when rendering services on their behalf in terms of written Agreements:

Full names and surnames, identity numbers, dates of birth, age, addresses, contact details, applicable funders and incident numbers provided by the funders;
ICD-10 codes and relevant descriptions of diseases, injuries and medical conditions; and Policy holders’ full names and surnames, policy numbers, addresses, contact details and incident numbers.

Suppliers, Vendors and Other Persons, Entities and Bodies

Organisations’ names, registration details, addresses and contact details;
Names, surnames, titles and contact details of executives, employees and contact persons;
All the information included in proposals and agreements;
Bank details and payment-related information;
VAT Numbers;
Official documentation, such as newsletters and brochures;
BBBEE certificates;
Healthcare providers involved in the treatment of the patients and beneficiaries mentioned above: names and surnames, titles, addresses, practice numbers and VAT numbers;
COVID-19 screening information of visitors to MediCharge; and Correspondence.

Directors and their Spouses

Names, surnames, addresses, and contact details;
CVs and interests of directors;
Identity and passport numbers; and
Information provided on visa application forms.

9. PROCESSING OF INFORMATION ON BEHALF OF CLIENTS / MEMBERS

We process personal information, in terms of written agreements, on behalf of clients and our members. This information relates to the clients’ and members’ data subjects such as medical scheme beneficiaries, patients and policy holders. If you are a patient, medical scheme beneficiary or policy holder, you should refer to your treating practitioner’s, medical scheme’s or insurer’s privacy policy or related documentation, which is independent of this Privacy Policy, for further information in respect of the personal information that they collect and process.

10. PURPOSE OF PROCESSING YOUR PERSONAL INFORMATION

to meet MediCharge’s objectives and perform agreements with clients;
to procure and enrol clients, manage and execute contracts, collect fees and provide client services;
for training, up-skilling and career growth purposes;
for industrial relations and disciplinary purposes;
for governance purposes;
for communication purposes;
to engage with public and private bodies (including regulators) on behalf of clients;
to engage with clients and potential clients, nationally and internationally;
for marketing purposes;
for procurement purposes;
for historical, statistical and research purposes;
for enforcement of MediCharge’s rights;
to discharge statutory duties;
for the provision of employment benefits;
to detect criminal behaviour;
for protection of our offices, business, assets and employees; and
for any other lawful purpose related to MediCharge’s business.

11. CONSENT

If you consent to the processing of your personal information, you may withdraw your consent at any time. This does not affect the processing of personal information that has already occurred. If you withdraw your consent, your personal information will only be processed as provided for in the law.

12. OBJECTION TO PROCESSING

When we process personal information to protect your legitimate interests or based on the legitimate interests of MediCharge or those of a third party to whom we supply the information, you may object to our processing, if it is reasonable to do so. This must occur on the form prescribed by POPIA, available from our Information Officer. This does not affect your personal information that we have already processed. If you object and we agree with your objection, your personal information will only be processed as provided for in the law.

13. DISCLOSURE OF YOUR PERSONAL INFORMATION

We will share only relevant personal information about you with the persons and entities specified below, if it is necessary and lawful in the circumstances.

Personal information of all data subjects may be shared with the following persons and entities, if required for the business of MediCharge, if it is required or authorised in terms of the law or with consent of the relevant data subject:

Directors and relevant employees;
MediCharge group companies involved in the rendering of the services to members or clients;
Relevant funders (including relevant switching houses) and insurers depending on the services provided to clients and members;
Employers of injury-on-duty patients;
Relevant healthcare providers (patients, beneficiaries and policy holders);
Our auditors;
Our legal and professional advisers;
Our insurers;
Law enforcement structures, including courts and tribunals; and Relevant persons or entities as required or permitted by law, where we are under a duty to disclose or share information in order to comply with any legal obligation or to protect the rights, property or safety of our business, clients, employees, the public or others.

Other potential recipients of personal information, include the following:
Personal information of all data subjects may be shared with the following persons and entities, if required for the business of MediCharge, if it is required or authorised in terms of the law or with consent of the relevant data subject:

Their members and staff.
MediCharge Members: Their staff.
Directors and their spouses: Embassies, travel agents, travel and accommodation providers.

14. LINKS TO SOCIAL NETWORKING SERVICES

We use social networking services such as WhatsApp, LinkedIn, Twitter and Facebook to communicate with the public about our services. When you communicate with us through these services, the relevant social networking service may collect your personal information for its own purposes. These services have their own privacy policies, which are independent of this Privacy Policy.

15. RECORD-KEEPING

We maintain records of your personal information for as long as it is necessary for lawful purposes related to the conducting of our business, the performance and enforcement of agreements, the rendering of membership services, compliance with legal obligations, dealing with complaints and litigation and for historical, statistical and research purposes subject to the provisions of the law.

16. INFORMATION SENT ACROSS THE BORDERS OF THE REPUBLIC OF SOUTH AFRICA

We send personal information of directors and their spouses (if applicable) with their consent across the borders of the Republic of South Africa for purposes of, visa applications, compliance with financial institution requirements and travel and accommodation arrangements. These countries currently include Brazil, Germany, Australia, USA, Philippines, Indonesia, Botswana, Singapore, Indonesia, Ireland, Dubai and Swaziland. MediCharge sends personal information of South African clients or client’s patients across the borders of the Republic of South Africa (“RSA”). This is for information used on the Telehealth platform. The USA based healthcare service provider is HIPAA compliant and ensures a high level of data protection. All clients residing in neighbouring countries using the MediCharge Practice Management system, do send their patient data across the borders to RSA for processing.

17. SECURITY OF YOUR PERSONAL INFORMATION

We are committed to ensuring the security of your personal information in order to protect it from unauthorised processing and access as well as loss, damage or unauthorised destruction. We have implemented and continually review and update our information protection measures to ensure the security, integrity and confidentiality of your information in accordance with industry best practices. These measures include secure storage of hard copy and electronic records; access control to records; multiple levels of electronic security; workplace policies and off-site data back-ups. In addition, only those officers, employees and service providers or suppliers that require access to your information to discharge their functions and to render services to us are granted access to your information and only if they have concluded agreements with us or provided undertakings regarding the implementation of appropriate security measures, maintaining confidentiality and processing the information only for the agreed purposes. We will inform you and the Information Regulator, if any person has unlawfully obtained access to your personal information, subject to the provisions of the law

18. RIGHT TO ACCESS YOUR PERSONAL INFORMATION

You have the right to request access to your personal information in our possession or under our control and information of third parties to whom we have supplied that information subject to restrictions imposed in legislation. If you wish to exercise this right, please complete the prescribed form, available from the Information Officer, and submit it to the Information Officer. Costs may be applicable to such request, which can be obtained from the Information Officer. Please consult our PAIA Manual for further information. If you are a data subject (e.g., patient) of a client, the request for access must be submitted to the relevant client (e.g., medical practice, medical scheme or insurer) in accordance with the procedures applicable at the client.

19. ACCURACY OF YOUR PERSONAL INFORMATION

It is important that we always have accurate information about you on record as it could impact on communication with you and the rendering of services to you or on your behalf. You must therefore inform us as soon as any of your information has changed. You may also request us to correct or delete any information. Such a request must be made in writing on the prescribed form to the Information Officer. The form can be obtained from the Information Officer. You must provide sufficient detail to identify the information and the correction / deletion required. Information will only be corrected / deleted, if we agree that the information is incorrect or should be deleted. It may not be possible to delete all the information if we may lawfully retain it. Please contact the Information Officer to discuss how we can assist you with your request. If we correct any information and the corrected information will impact on any decision made or to be made about you, we will send the corrected information to persons to whom the information has been disclosed in the past if they should be aware of the changed information.

20. MARKETING OF PRODUCTS AND SERVICES

If you give or have given us consent, we may occasionally inform you, electronically or otherwise, about supplementary products and services offered by us that may be useful or beneficial to you. You may at any time withdraw your consent and opt out from receiving such information.

21. CHANGES TO THIS POLICY

We reserve the right in our sole and absolute discretion, to revise or supplement this Privacy Policy from time to time to reflect, amongst others, any changes in our business or the law. We will publish the updated Privacy Policy on our website. It will also be available at our offices. Any revised version of the Policy will be effective as of the date of posting on the website, so you should always refer back to the website for the latest version of the Policy. It is your responsibility to make sure you are satisfied with any changes before continuing to use our services.

22. ENQUIRIES, REQUESTS AND COMPLAINTS

All enquiries, requests or complaints regarding this Policy or relating to the processing of your personal information by us should be addressed to the Information Officer. You may also lodge a complaint with the Information Regulator at complaints.IR@justice.gov.za. We would appreciate it if you would give us the opportunity to consider your request or complaint before you approach the Information Regulator.

23. LAWS APPLICABLE TO THIS PRIVACY POLICY

This Privacy Policy is governed by the laws of the Republic of South Africa.

Website Terms and Conditions

By using the website, you agree to be bound by these Website Terms and Conditions. All terms and conditions are material. Please review them carefully before proceeding.

COPYRIGHT NOTICE

DEFINITIONS
1. “MediCharge” means MediCharge (Pty) Ltd, a private company registered under the laws of South Africa with registration number 2000/009511/07.
2. “Personal information” has the meaning assigned to it in POPIA, and “information” has a similar meaning unless the context requires otherwise and includes any information that identifies or relates specifically to you such as your name and surname, contact details and information you supply when you log on to or submit information on the website.
3. “POPIA” means the Protection of Personal Information Act (Act 4 of 2013) (“POPIA”).
4. “Traffic data” means any data processed for the purpose of conveyance of a communication on an electronic communications network in respect of that communication and includes data relating to the routing, duration, or time of a communication.
5. “Web browser” means an application used to access and view this website such as Internet Explorer, Google Chrome and Safari.
6. “Website” means the internet website with the address https://www.medicharge.co.za or any website with a URL that is validly registered to MediCharge.
7. “You” / “your” means the user of the website and the services offered by MediCharge on or through the website.

PURPOSE OF THE WEBSITE
The main purpose of the website is to provide relevant information about MediCharge’s products and services to the public and as well as client access to MediCharge’s products and services.

CONDITIONS OF ACCESS AND USE
1. To avoid any confusion, you agree that these Website Terms and Conditions apply to your use of the website, any third-party website licensed to MediCharge and any information accessed via the website.
2. If you are registered on the website, you must keep your access details (username and password) confidential and not allow other people to use them. You accept full responsibility for all activities that occur under your access details and accept responsibility for sharing your username and password with any third party. Any use of your access details shall be regarded as if you were the person using such information.
3. Any materials copied from the website are for personal use only. Any material copied must remain intact and that all copies include the following notice in a clearly visible position: 'Copyright ©2021 MediCharge. All rights reserved.' Any copying or redistribution for commercial purposes or for compensation of any kind requires prior written permission from MediCharge.
4. By using the website, you guarantee that you will not, and you will not allow third parties on your behalf to
  1. make and distribute copies of the website
  2. attempt to copy, reproduce, alter, modify, reverse engineer, disassemble, decompile, transfer, exchange or translate the website, or
  3. create derivative works of the website of any kind whatsoever
5. You acknowledge that the terms of the agreement with your Internet provider will continue to apply when using the website. As a result, you may be charged by your provider for access to network connection services for the duration of the connection while accessing the website or any such third-party charges as may arise. You accept responsibility for any such charges that arise.
6. If you are not the payer of the device being used to access the website, you will be assumed to have received permission from the payer for accessing and using the website.

INFORMATION PROTECTION
1. The website contains confidential information, which is the property of MediCharge, its data subjects, its clients and/or its business partners. Unauthorised disclosure and/or use of this information may incur civil or criminal liability.
2. Any of your personal information which you supply to MediCharge when using the website will be used by MediCharge in accordance with its Privacy Policy and subject to legislation or as otherwise agreed with you.
3. You guarantee that all information provided by you on or through the website is true, accurate, current and correct and you undertake to update the information as and when required.
4. All information that you provide to MediCharge may be stored electronically and with third parties, which parties are bound by strict levels of confidentiality. These records shall be proof of the information unless you can prove otherwise.
5. MediCharge takes all reasonable steps to protect your personal information and maintain confidentiality, including by making use of encryption technology. However, MediCharge cannot guarantee the security or integrity of any information you transmit to it online and you agree that you do so at your own risk.

INTELLECTUAL PROPERTY
1. All trademarks, copyright, database and other intellectual property rights of any nature in the website together with the underlying software code as well as any content made available on the website (e.g., text, graphics, logos, images, etc.) are owned either directly by MediCharge or by MediCharge’s licensors unless expressly stated otherwise.
2. You do not obtain any trademark, copyright, database or any other intellectual property right of any nature or licence by using the website.
3. You are not granted any license or right to use any trademark without MediCharge’s prior written permission and/or that of any third party.

WEBSITE ANALYTICS
1. You may visit the website without providing any personal information. The website servers will in such instances collect the IP address used by the data subject to access the website, but not the e-mail address or any other personal identifiable information. The information on IP addresses is aggregated to measure the number of visits, the average time spent at the website, pages viewed, etc. MediCharge analyses non-identifiable traffic data to improve its services, via a third-party programme, Google Analytics.
2. MediCharge may collect, hold and use statistical information about website visits to help it improve the website. Such information includes –
  1. your IP address;
  2. the search terms you used;
  3. the pages accessed on the website;
  4. the links visitors clicked on;
  5. the date and time you visited the website;
  6. the referring website (if any) on which you clicked through to our website; and
  7. the type of web browser you use.
3. The traffic data is aggregated and is not personally identifiable. Our website analysis will respect any “does not track” setting you may have set on your web browser.

COOKIES
1. MediCharge uses industry-wide technologies such as ‘cookies’ to collect information about the use of the website, your preferences and past browsing history. ‘Cookies’ refer to information that is sent from the website to your hard drive, where it is saved. This will allow MediCharge to improve its services and your experience when you use the website again.
2. The ‘cookies’ do not collect any personal information about data subjects.
3. Users will be able to agree to ‘cookies’ in use when they visit the website for the first time or if the ‘cookies’ used are changed.
4. If marketing ‘cookies’ are used, users will be offered to option to accept or decline the use of such ‘cookies’.
5. Any information obtained will be shared with persons or entities to the extent necessary for them to administer and improve the website on our behalf.

BREACH, DISCLAIMERS AND LIMITATION OF LIABILITY
1. MediCharge tries to ensure that the most sophisticated technology protects the information on the website. However, MediCharge cannot be held responsible for any consequences that may result from the unlawful breach of copyright or unlawful dissemination of information by third parties copying information off the website. If you suspect a breach or where a breach may have taken place and this comes to your knowledge, please contact MediCharge (informationofficer@medicharge.co.za) as soon as possible so that the problem can be addressed.
2. The website and all information, content, tools and materials are provided by MediCharge "as is" and on an "as available" basis without warranty of any kind.
3. MediCharge does not guarantee the operation of the website or the information content, tools or materials on the website.
4. While MediCharge makes every effort to ensure that the content and information on the website is complete, accurate and up-to-date, it makes no guarantee about the suitability of the products and services and provide no representation or warranty, express or implied, regarding the accuracy, correctness, truthfulness, reliability and completeness of information contained on the website.
5. MediCharge does not guarantee that the website and/or information, content, tools or materials included on the website, MediCharge’s servers or any electronic communications sent by it are free from viruses or other harmful components.
6. The views and opinions expressed on this website, links or attachments hereto do not necessarily reflect the views and/or opinions of MediCharge.
7. Although MediCharge is fully committed to providing you with the best possible service, it shall not be responsible for:
  1. any interrupted, delayed or failed transmission, storage or delivery of information due to a power failure, equipment or software malfunction, natural disasters, fire, labour unrest, epidemics, pandemics, or any other cause beyond the reasonable control of MediCharge, or
  2. any inaccurate, incomplete or inadequate information supplied by you and/or obtainable from the website
8. The website and all of its component elements, including text, graphics, images, hyperlinks and other materials supplied by third parties, are for general educational purposes only.
9. You agree to use the website at your own risk.
10. MediCharge, its directors, employees, suppliers and website contributors shall not be liable to you or any other person or entity for, and you agree to indemnify them against, any claim or damages of any kind, including for direct, indirect, special, incidental, punitive and/or consequential damages as well as loss of profit or the like whether or not in the contemplation of the parties, whether based on breach of contract, delict (including negligence), or otherwise, arising from any of the events described in this clause 8, including -
  1. your use of the website or from any information, content, tools or materials included on or otherwise made available to you through the website, including any damage or alteration to your equipment;
  2. for any decision taken or acted upon as a result of reliance on the information or philosophies contained or expressed on the website;
  3. your actions or omissions that result in a breach of the Website Terms and Conditions;
  4. any harm suffered as a result of any content or comments posted on the website by any user that are intended or could be construed as harassment, direct or indirect discrimination, threats of whatsoever nature, defamation or intimidation;
  5. any harm suffered as a result of any content or comments posted on the website by any user involving materials or language that is obscene, pornographic, sexually explicit or sexually suggestive, vulgar or profane, or demeaning in nature;
  6. any harm suffered as a result of any unlawful use of the website and/or its contents by any user; and/or
  7. any links to other websites accessed from the website. You also acknowledge that MediCharge cannot control the content of, or the products and services offered on those websites.
11. If you breach the Website Terms and Conditions, MediCharge shall have the right to claim damages of whatsoever nature, as well as loss of profits and business, and all legal costs on a scale as between attorney and own client, from you.

TERMINATION OF ACCESS
1. You agree that the following actions shall constitute material breaches of the Website Terms and Conditions that shall result in the termination of your registration on the website and use of the website, if applicable:
  1. signing in as, or pretending to be another person;
  2. transmitting material that violates, or could violate intellectual property rights or the privacy of others;
  3. breaching the conditions of access to and use of materials on the website;
  4. using interactive services in a way that is intended to harm, or could result in harm to you or to other users of the website;
  5. using any content on the website or posting any comments that are intended or could be construed as harassment, direct or indirect discrimination, threats of whatsoever nature, defamation or intimidation;
  6. any use of the website involving materials or language that is obscene, pornographic, sexually explicit or sexually suggestive, vulgar or profane, or demeaning in nature;
  7. using the website for any unlawful purpose, including committing a criminal offence, gaining unauthorised access to other computer systems, or transmitting unlawful material; and/or
  8. gathering information about others without obtaining prior written consent.
2. Upon termination of use as contemplated in this clause 9, the rights granted to you by the Website Terms and Conditions shall terminate.

JURISDICTION
The laws of the Republic of South Africa shall govern these Website Terms and Conditions.

AMENDMENTS TO THE WEBSITE TERMS AND CONDITIONS
MediCharge may in its sole discretion amend the Website Terms and Conditions from time to time without prior notice. The latest Terms and Conditions available on the website shall at all times take precedence over any other version of these Terms. It is your responsibility to make sure you are satisfied with any changes before continuing to use the website.

FURTHER INFORMATION
If you have questions about these Website Terms and Conditions, please contact MediCharge at informationofficer@medicharge.co.za.

Request for Personal Information

COOKIES

1. MediCharge uses industry-wide technologies such as ‘cookies’ to collect information about the use of the website, your preferences and past browsing history. ‘Cookies’ refer to information that is sent from the website to your hard drive, where it is saved. This will allow MediCharge to improve its services and your experience when you use the website again.
2. The ‘cookies’ do not collect any personal information about data subjects.
3. Users will be able to agree to ‘cookies’ in use when they visit the website for the first time or if the ‘cookies’ used are changed.
4. If marketing ‘cookies’ are used, users will be offered to option to accept or decline the use of such ‘cookies’.
5. Any information obtained will be shared with persons or entities to the extent necessary for them to administer and improve the website on our behalf.

Policies