Updated: 01 February 2021
1.About MyHealth360.co.za, MyWell360 and Engage
We Healthy Living Group (“the Group”) are the proprietors of the MyHealth360 website (“MyHealth360”), the MyWell360 mobile application (“MyWell360”) and the Engage platform (“Engage”) together “the Platforms”). MyHealth360 and MyWell360 allow you (“User” or “You”) to access a range of services including video on demand (“VOD”), online courses, live sessions/training/fitness and, through Engage to book consultations with medical and healthcare service providers (“the Services”). For your convenience we have a one sign-in system for MyHealth360 and Engage. The Group does not offer medical advice and is not a professional healthcare provider itself.
2. Purpose of this Notice
2.1. The purpose of this POPI Notice is to establish the requirements and conditions for the collection, distribution and retention of personal information, in line with the prescripts of the Protection of Personal Information Act 4 of 2013 (“POPI”) and the Promotion of Access to Information Act 2 of 2000 (“PAIA”).
2.2. Your access to and use of any of the Services and the Platforms is in terms of this Privacy and POPI Notice (“POPI Notice” or “Notice”), whether your subscribe to the free or paid for packages or access the site without subscribing. This POPI Notice is between the Group and You, or the person You represent if You are using the Services as an employee or agent of someone else (You are agreeing to this POPI Notice on behalf of your organization/ principal and represent that You’re authorised to do so). You will also be bound by our Terms and Conditions of Use (“Terms”).
2.4. Any limitation of liability or undertaking of risk will be in bold and underlined.
3.1. “consent” – any voluntary, specific and informed expression of will in terms of which permission is given for the processing of personal information.
3.2. “Cookies” small text files, created when Your browser loads a web page. Cookies are used to confirm your identity, track your preferences and give you a better user experience. They are stored on browser directories.
3.3. “data subject” – a person to whom the personal information relates. This will include You as a customer as well as prospective customers of the Group;
3.4. ‘‘operator’’ means a person who processes personal information for a responsible party in terms of a contract or mandate, without coming under the direct authority of that party;
3.5. “person” – a natural or juristic person.
3.6. “personal information” – any information in any form (including electronic and paper-based files) relating to an identifiable, living, natural person and, where applicable, an identifiable, existing juristic person. This can include, but is not limited to information relating to the race, sex, pregnancy, marital status, national, ethic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of a person. It also includes information relating to the education, medical, identifying and biometric information of an individual.
3.7. “processing” – any activity, automated or manual, concerning personal information. Such activity may include, but is not limited to, collection, receipt, recording, organisation, storage, collation, retrieval, alteration, updating, distribution, dissemination by means of transmission, erasure or destruction of personal information.
3.8. ‘‘responsible party’’ means a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing personal information;
3.9. “special personal information” – this is very sensitive personal information that requires stringent protection. Special personal information includes, but is not limited to, religious beliefs, political affiliations, race and ethnic origin, health, sex life and biometric information;
3.10. “secondary personal information” – this is personal information relating to third parties provided to us by Users as our client’s or prospective client’s for the purposes of the provision of online software services, creation of documents through self-help, finding legal information and connecting entrepreneurs and legal professionals.
4. Collection of personal information
4.1. the Group collects and receives personal information directly and indirectly from data subjects through various sources.
4.2. Information is collected and processed by the Group as follows:
4.2.1.directly from You, the data subject;
4.2.2.from Users, customers or prospective customers’ who may seek the Group’s assistance and/or Services through the Platforms or otherwise;
4.2.3.from the Group’s own records relating to its previous provision of assistance or responses to the data subject’s request for Services.
4.3. the Group will not collect personal information regarding a child except when the consent of the child’s parent or guardian is given;
4.4. the Group will not collect special personal information regarding or individual's religious or philosophical beliefs, trade union membership, political opinions unless permitted by law or with consent from the data subject.
4.5. You acknowledge that due to the nature of the Services you specifically consent to us collecting information about your health, and where necessary to the Services you choose, your sexual life.
5. Purpose specification
5.1. The POPI Act requires that the data subject be informed of the purpose or reason for the collection of their data so that You may either give consent or refuse it. The purpose for which personal information is collected should be specified at the time the information is being collected. In addition, any further use of the collected personal information should be compatible with the initial purpose of collection.
The Group needs to collect and process personal information from You for the following purposes:
5.2. access to the Services including:
5.2.1.Subscription to your package of choice. This will include collecting your name, date of birth, gender, marital status and email address as well as a choice of areas of interest which may include health or wellness related information;
5.2.2.Video’s on demand for which we track which videos are viewed in order to enable trending video promotion and data about the type of device used, form of access and type of browser. We also track geographical data through our third party video hosting platform Bright Cove.
5.2.3.Courses on various topics which you may register for. We will collect your name, gender, date of birth, demographics and email address to enable this Service;
5.2.4.Live sessions with service providers. In order to register for a live session we will collect your name, surname, email address, contact number and company information or personal information;
5.2.5.Connecting You with healthcare service providers through the Engage platform where you can book consultations with them. We will be sure to obtain your consent again with each booking. To enable this Service we will collect:
18.104.22.168.Your name, telephone number, email address, physical address, date of birth and medical aid details where applicable;
22.214.171.124. Your medical records, should you choose to upload them:
126.96.36.199.1.1.They will be shared with the healthcare service provider that you book a consultation with.
188.8.131.52.1.2.The first healthcare service provider may share your personal information with other healthcare service providers that you are being referred to. You consent to your health information being shared with additional healthcare service providers that you are being referred to;
184.108.40.206. the recording of the consultation, which will be stored on Engage for your future ease of access;
220.127.116.11. a record of your chat log with the healthcare service provider will be will be stored on Engage for your future ease of access;
18.104.22.168. any documents uploaded by your healthcare service provider including scripts. These will be stored on Engage for your future ease of access;
5.2.6. Processing payment for services. We will collect your name, your debit or credit card details.
5.2.7.We may use your data in an anonymized and de-identified manner for research purposes;
5.2.9.Providing personalised communication;
5.2.10. Audit and record-keeping purposes;
5.2.11. In connection with legal proceedings including debt collection;
5.2.12. In connection with and to comply with legal and regulatory requirements or when it is otherwise allowed by law; and/or
5.2.13. For a purpose that is ancillary to the above and for any other purpose for which consent is provided by You;
5.3. As a User, by using the Platforms You consent to the collection and processing of personal information by the Group for the above purposes.
5.4. In the event that the Group seeks to use the information for another purpose which is different to the purpose for which the information was collected initially, then the Group will contact You to obtain their consent for further processing.
6. Confidentiality of doctors
6.1. Doctors are aware of their common law and legislated obligations of confidentiality towards patients. The Group does not have similar obligations to patients or Users and can’t guarantee that communications on the Platforms will be afforded similar protections. You should read our Terms for more information.
7. Processing limitation and sharing of personal data
7.1. the Group will ensure that the personal information collected from You will be processed if, given the purpose for which it is processed, it is adequate, relevant and not excessive.
7.2. Furthermore, information will be collected directly from You by the Group or third parties authorised by the Group only after Your consent is obtained.
7.3. the Group will not process Your personal information without consent unless:
7.3.1.it is necessary to carry out actions for the conclusion or performance of a contract to which You are party;
7.3.2.the processing complies with an obligation imposed on the Group by law;
7.3.3.the processing protects a legitimate interest of yours;
7.3.4.the processing is in the public interest;
7.3.5.the processing is necessary for pursuing the Group’s legitimate interests or the legitimate interests of a third party to whom the information is supplied.
7.4. the Group may act as a data Operator on behalf of someone else. In that event the Responsible Party will have the responsibility to obtain consent for our processing of data. We will act only on the instructions of the Responsible Party and do nothing else with the data outside of the consent.
7.5. Where You act as a representative of another person You are the Responsible Party and we are Operators processing the information on your behalf and on your instructions. Where You insert your Principals personal information you warrant that You have their consent to do so and indemnify the Group and hold us harmless against any claims or loss that may arise.
8.1. Unless one of the additional conditions listed in above applies where we will process personal data without consent, the Group will not collect or process personal information without your consent. Consent is normally sought explicitly by the Group, however, there are also some actions and behaviour that may amount to consent. This includes signing an agreement or application or ticking a tick box on a form whether physical or online and by merely using this Platforms.
8.2. You explicitly consent to the processing of your personal information, including forms of special personal information such as health and sexual behaviour, by your use of the Platforms. If You do not wish to consent to the processing of your personal information as set out herein do not use the Platforms or any of the Services offered on it.
8.3. You may withdraw or revoke your consent for us to process your personal data at any time. This withdrawal of consent must be communicated to the Information Officer in writing with reasonable notice. The withdrawal of consent is subject to the terms and conditions of any contract that is in place including the Terms. Should the withdrawal of consent result in the interference of legal obligations, then the withdrawal will only be effective if the Group agrees to same in writing. the Group will inform the data subject of the consequences of the withdrawal where it will result in the Group being unable to provide the requested information and/or Services and/or other benefits. The revocation of consent is not retroactive and will not affect disclosures of personal information that have already been made.
9. Disclosure and/or distribution of personal information
9.1. the Group will only a process your personal information for business purposes and in a manner, which is consistent with the purpose for which consent has been given.
9.2. In the case of personal information being collected indirectly or distributed to third parties, it will be used in line with the purpose for which the information was collected. No personal information will be disclosed or distributed to third parties unless the disclosure or distribution satisfies any of the conditions listed above where consent is not necessary, or prior consent or approval has been given by You.
9.3. the Group may also de-identify personal information and use it for research, surveys and communication in order to improve the Group’s offering. This will work solely to improve the Group’s operations and broader reach and is not information which can be directly attributed to one person in particular.
9.4. the Group may nevertheless disclose your personal information where it is required to do so in terms of applicable legislation, or where it may be necessary in order to protect the Group’s rights.
9.5. In the event that the Group does share personal information with a third party, it shall take all reasonable steps to ensure that the third party treats the information in a manner which is consistent with this Notice.
10. Retention of personal information
10.1. Where the Group collects personal information for a specific purpose, it will not keep it for longer than is necessary to fulfil that purpose, unless:
10.1.1. Further retention is required by law;
10.1.2. the Group reasonably requires it taking into account the nature of the information and the purpose consented to;
10.1.3. Retention is required by a contract between us; and/or
10.1.4. You consent to further retention.
10.2. Once the purposes for collection have been fulfilled, the personal information may be destroyed in accordance with the POPI Act.
10.3. In order to protect information from accidental or malicious destruction, when the Group deletes information from its servers it may not immediately delete residual copies from its servers or remove information from its backup systems. Copies of correspondence that may contain personal information is stored in archives for record-keeping and back-up purposes only.
10.4. Where the law requires the Group to keep personal information post its use for a specified period of time, all personal information will be kept securely for the duration specified by law.
11. Safeguards, security and incident management
11.1. The Group strives to ensure the security, integrity and privacy of personal information submitted.
11.2. While no data transmission over the Internet can be guaranteed to be totally secure, the Group will endeavour to take all reasonable steps to protect personal information submitted to it or via its online Services.
11.3. The following methods of protection are in place to ensure that personal information disclosed to the Group is protected:
11.3.1. the Group stores client data on an external cloud server which is protected by firewalls and data is encrypted;
11.3.2. Password protection is active on computers that may contain personal information thereby limiting access to authorised the Group personnel only;
11.4. Third Parties
11.4.1. the Group uses Peach Payment Services (Pty) Ltd to facilitate payments. is a company duly registered and incorporated in accordance with the laws of the Republic of South Africa and with registration number 2012/076633/07 and located at 66 Albert Road, Woodstock 7915, South Africa.
11.4.2. If you are a User or client you hereby consent to personal information being used by Peach Payments for the purposes of processing online payments.
11.4.3. Peach Payments is the data Operator, however, the Group remains the responsible person in respect of your personal information used on their service. Their services are in line with South African data privacy laws. You can read their privacy Notice here: https://support.peachpayments.com/support/solutions/articles/47001098869-peach-payments-privacy-policy
11.4.4. the Group uses Google Inc t/a Google Analytics to analyse responses and determine future communication. Mailchimp is a company duly registered and incorporated in accordance with the laws of the United States of America (California) and located at 1600 Amphitheatre Pkwy Mountain View, CA 94043-1351;
11.4.5. If you are a User or client you hereby consent to personal information being used by Mailchimp for the purposes of analyses and for future marketing purposess;
11.4.6. Google Analytics is the data Operator, however, the Group remains the responsible person in respect of your personal information used on their service. Their services are in line with South African data privacy laws. You can read their privacy Notice here: https://policies.google.com/privacy?hl=en_US;
11.4.7. the Group uses Digital Genesis LLC to provide facilitate registration for services. Digital Genesis LLC is a company duly registered and incorporated in accordance with the laws of the United States of America (California) and located at 7660 Fay Ave #H184
La Jolla, CA 92037;
11.4.8. If you are a User or client you hereby consent to personal information being used by Digital Genesis for the purposes of registration;
11.4.9. Digital Genesis is the data Operator, however, the Group remains the responsible person in respect of your personal information used on their service. Their services are in line with South African data privacy laws. You can read their privacy Notice here:: https://home.webinarjam.com/privacypolicy#_ga=2.66777261.2073646564.1608640299-1190482422.1608640299.
11.4.10. the Group uses Brightcove Inc to provide facilitate video services. Brightcove Inc is a company duly registered and incorporated in accordance with the laws of Singapore and located at South Beach Tower, 38 Beach Rd, #04-14, Singapore 189767;
11.4.11. If you are a User or client you hereby consent to personal information being used by Brightcove Inc for the purposes of providing its video services;
11.4.12. Brightcove Inc is the data Operator, however, the Group remains the responsible person in respect of your personal information used on their service. Their services are in line with South African data privacy laws. You can read their privacy Notice here: https://www.brightcove.com/en/legal/privacy
11.5. the Group’s employees are obliged to respect the confidentiality of any personal information held by the Group;
11.6. Third parties who provide these services are obligated to respect the confidentiality of any personal information;
11.7. the Group’s Information Officer, whose contact details are provided below, is responsible for the encouragement of compliance with POPI.
11.8. the Group will review and update its security measures in accordance with future legislation and technological advances.
12. Cross border transfer of data
At present we do not transfer your data outside of South Africa. Should we do so in future we will amend this Notice and obtain your explicit consent unless to do so is part of the performance of the agreement between us or the transfer is for your benefit and it is not reasonably practicable to obtain your consent and such consent would be likely to be given.
13.1. The management and Information Officer of the Group are responsible for administering and overseeing the implementation of this Notice and any applicable supporting guidelines and procedures.
13.2. the Group remains responsible for all personal information collected and stored. This includes all and any information collected directly from You and from any other source or authorised third parties.
14. Data subject’s access to and correction of personal information
14.1. You have the right to be informed whether the Group holds your personal information and to view any such personal information the Group may hold. Furthermore, You have the right to be informed as to how that information was collected and to whom your personal information has been disclosed.
14.2. You may at any time, request disclosed information by contacting the Group’s Information Officer.
14.3. Information requested will be provided to You within a reasonable time.
14.4. You are entitled to, at any time, inform the Group of any changes to your personal information in the possession of the Group. Upon receipt of any changes to personal information, the Group will, within a reasonable period, update the personal information. the Group relies largely on You to ensure that your personal information is correct.
14.5. You have the right to ask the Group to amend or delete their personal information on reasonable grounds. We don’t have to make the amendment if we are satisfied it isn’t true but we will make a note of it in the register.
14.6. You may be prompted periodically by a representative to update the personal information that the Group holds. Failure to reply to the prompts to update personal information will result in the assumption that all information that is on the Group’s systems is accurate.
Violations of this Notice and of POPI will be dealt with by the Information Regulator. A data subject who has a complaint against the Group either concerning its conduct or this Notice, may refer a complaint to the Information Regulator in terms of sections 63(3) and 74 of POPI.
16. Effective date
This Notice is effective as of 1 February 2021.
17. Contacts, queries and objections:
Email address: firstname.lastname@example.org
Physical address and Postal address: 28 Majuba Avenue, Quellerina, North Cliff 1709
17.1. All questions and queries relating to personal information must be directed the Information Officer using the contact information listed above. The Information Regulator has issued the following useful forms for applications for information and granting forms of consent which may be useful for you:
17.2. The contact details for the Information Regulator are:
Name: Adv Pansy Tlakula
Telephone number: +27 (0) 10 023 5207
Email address: email@example.com
Address: 33 Hoofd Street, Forum III, 3rd Floor Braampark
Postal Address: P.O Box 31533, Braamfontein, Johannesburg, 2017
18. Amendments to this Notice
18.1. the Group will amend this Notice periodically.
18.2. Data subjects are advised to check the Group’s website periodically to ascertain whether any changes have been made.