last updated 30/06/2021
Data protection and disclosure of information
As part of our day-to-day business of providing Dietetic services (the “Services”), we need to collect personal information from our clients and potential clients to ensure that we can meet their needs for the provision of or information about the Services.
Your privacy is important to us and it is our policy to respect the confidentiality of information and the privacy of individuals. This notice outlines how we manage your personal information and details your rights in respect of our processing of your personal information.
We process your information in terms of our Protection of Information Policy and Retention of Data Policy. To review same, kindly send a request to the Information Officer: Soné Greeff (firstname.lastname@example.org)
Defined terms herein, where not herein defined, are defined within the Protection of Personal Information Act, 2013 (as may be amended or substituted from time to time) (“POPIA”).
Who are we?
This Privacy Notice applies to the processing activities of Happy Healthy Kids (“HHK”) (the “Practice”); a stand alone practice of a registered dietitian with special interest in paediatrics and allergy (the “Therapist”). HHK is the Responsible Party (and Operator in certain instances) for the processing of your Personal Information.
Any reference to ‘us’, ‘our’, ‘we’ in this Privacy Notice is a reference to both HHK and the Therapist respectively. Similarly, any reference to ‘you’, ‘your’, ‘yours’ or ‘yourself’ in this Privacy Notice is a reference to any of our clients and potential clients as a Data Subject, or a Competent Person in respect of such client and potential client that is incompetent, such as a minor child.
Our Privacy Notice will be reviewed from time to time to take account of new obligations and technology, changes to our operations and practices, and to make sure it remains appropriate to the changing environment.
What kind of Personal Information do we collect?
We collect information necessary to fulfil our obligations to our clients in the course of providing the Services.
We may collect the following types of information about you:
Name, address and contact details, date of birth and gender, education and qualifications, employment details, family details, medical aid details, lifestyle and social circumstances, location data, any other similar information.
On occasion the following sensitive Personal Information may be obtained: physical or mental health details, racial or ethnic origin, religious or philosophical beliefs, eating patterns and oral intake, genetic data, biometric data. We will only obtain and process this information with your express consent as set out in terms of the relevant contractual terms.
Much of this information is collected in order to establish and assess the reasons for a referral to us as well as whether we can and should provide the Services (and products, where relevant) to you. If you chose not to provide the information required, we may not be able to provide you with the requested product or service.
If you provide us with any Personal Information relating to a third party (e.g. information of your spouse, children, parents, and/or employees), by submitting such information to us, you represent to us that you have obtained their consent and/or are a Competent Person in respect to the provision of such Personal Information.
The main activities of the Practice are the provision of dietetic services for minor children. In this respect, by submitting Personal Information (including sensitive personal information) to the Practice, you expressly provide your informed consent for the collection, processing and storage of such minor child’s Personal Information in respect of such minor child and confirm that you are duly authorised to do so as a Competent Person.
How is the Personal Information obtained?
We obtain this information in a number of ways, for example through the provision of intake assessments, interviews with you, relevant and related educators, relevant and related health care professionals, family members, questionnaires etc. as well as from information provided in the course of ongoing services and communication. Additionally, we may obtain Personal Information about you through your use of our websites, apps, or using cookies on our websites, in particular by recording your activity and which pages you look at on our websites (please see below on Cookies).
We may record any communications with you including electronic (including video conference), by telephone, in person or otherwise, which will constitute evidence of the communications between us. This information is collected in compliance with our regulatory duties in relation to our record keeping obligations. It may or may not be retrievable.
Such conversations may be recorded without the use of a warning tone or any other further notice.
What Lawful Basis do we rely on?
We may be required to collect and use certain types of Personal Information to comply with the requirements of the law and/or regulations, however we are committed to processing all personal information in accordance with POPIA and any other relevant data protection laws and codes of conduct (herein collectively referred to as “the data protection laws”) which are applicable to HHK and its business.
The data protection laws allow us to only process your data for certain reasons:
to perform a contract that we are party to;
to carry out legally required duties;
for us to carry out our legitimate interests;
where we obtain your consent;
to protect your interests; and
where something is done in the public interest.
All the processing carried out by us falls into the permitted reasons, for example; our use of your personal information in order to comply with our obligations under contract. This includes where a contract is not yet signed but you have requested us to take action as a first step (e.g. provide details of our services).
Where our use of your personal information requires consent, such consent will be provided explicitly by you as set out herein, in the Terms & Conditions entered into by you with HHK, or as otherwise provided or procured.
If we rely on your consent as our legal basis for processing your personal information, you then have the right to withdraw that consent at any time by contacting us using the contact details set out in this Privacy Notice; however, the withdrawal of consent may be limited by law or contract or subject to the completing of a relevant service or other similar and related activity. Withdrawal of consent will likely necessitate the termination of services.
We use WhatsApp for communication, which has embedded end-to-end encryption that ensures only the persons you're communicating with can read or listen to what is sent, and nobody in between, not even WhatsApp. We use Google Workspace (formerly “GSuite”) which is designed to meet stringent privacy and security standards based on industry best practices. We also utilise Zoom. Further information can be provided on request or researched via their respective websites. You consent to us processing personal information via these channels as well as telephonic communication.
What we do with the personal information we obtain?
We may use information held about you in the following ways:
To provide you with any services and/or information you request from us (which includes carrying out any obligations arising from any contracts entered into between you and us);
to notify you about changes to our services;
to provide you with information by post, email, telephone or otherwise about products and services of a similar nature to those you have previously purchased or expressed an interest in which are offered by HHK and which we think may be of interest to you. You have the right to ask us not to process your personal information for marketing purposes. You can exercise your right to prevent such processing by contacting us by phone or email using the details in the ‘Contact us’ section below. You can unsubscribe from emails on request to the Information Officer.
to administer our sites and for internal operations, including troubleshooting, data analysis, load management, testing, research, statistical and survey purposes;
to improve our sites to ensure that content is presented in the most effective manner for you and for your device;
to measure or understand the effectiveness of content we serve to you and others, and to deliver relevant content to you;
for the purposes of providing services such as ‘most popular’ information on our site;
to deliver targeted advertisements to you and others as you browse the internet;
to obtain your feedback on a product, service or our sites via a third party appointed by us;
to allow you to participate in interactive features of our sites, when you choose to do so; and
as part of our efforts to keep our sites safe and secure.
Disclosure of your personal information
We may share the Personal Information we hold about you with the medical professional who referred you to our services.Your Personal Information may also be used for customer modelling, statistical and trend analysis, with the aim of developing and improving our services.
We will never sell, trade, or rent your Personal Information to others; however, we may share your information with selected third parties including:
our service providers, suppliers and sub-contractors for the performance of any contract we have entered into with them. They may then process this data on our behalf to help run some of our internal business operations for example IT services.
governmental or judicial bodies or agencies to comply with our legal and regulatory obligations;
non-affiliated companies may sometimes be used to provide certain services such as preparing and mailing reports, account statements and other information, conducting research on client satisfaction;
data, service and software providers that assist us in the improvement and optimisation of our sites;
Where we share your data with third parties we ensure that your data is held securely and in line with applicable legislation.
How we store Personal Information
Safeguarding the privacy of your information is important to us, whether you interact with us personally, by phone, by mail, over the internet or any other electronic medium.
We hold Personal Information in a combination of secure computer storage facilities and paper-based files and other records and take steps to protect the Personal Information we hold from misuse, loss, unauthorised access, modification or disclosure.
When we consider that Personal Information is no longer needed, we will remove any details that will identify you or we will securely destroy the records. However, we may need to maintain records for a significant period of time in line with our regulatory obligations.
If we hold any Personal Information in the form of a recorded communication, by telephone, electronic, in person or otherwise in relation to our regulatory obligations as detailed above, this information will be held in line with local regulatory requirements which will generally be until the minor child turns twenty-one years old, or unless a diagnosed disability is present, in which case the information is kept until the client is deceased.
Where you have opted out of receiving marketing communication we will hold your details on our suppression list so that we know you do not want to receive these communications.
The Retention of Documents Policy contains further information on this and is available on request.
Management and Safeguarding of Personal Information
We always take appropriate technical and organisational measures to ensure that your information is secure. We have appointed an Information Officer to ensure that our management of Personal Information is in accordance with this Privacy Notice, applicable policies, and the applicable legislation.
The internet is an open medium and we cannot guarantee that any information you send to us by email or via our sites will not be intercepted or tampered with; any transmission is at your own risk. Once we have received your information, we will use appropriate procedures and security features to prevent unauthorised access.
Your rights as a data subject
The data protection laws give you certain rights in relation to the data we hold on you. These are:
the right to be notified. This means that we must tell you how we use your Personal Information, and this is the purpose of this Privacy Notice;
the right of access. You have the right to access the Personal Information that we hold on you. To do so, you should make a subject access request;
the right for any inaccuracies to be corrected. If any Personal Information that we hold about you is incomplete or inaccurate, you are able to require us to correct it;
the right to have information deleted. If you would like us to stop processing your Personal Information, you have the right to ask us to delete it from our systems where you believe there is no reason for us to continue processing it;
the right to restrict the processing of the Personal Information. For example, if you believe the Personal Information we hold is incorrect, we will stop processing it (whilst still holding it) until we have ensured that it is correct;
the right to portability. You may transfer the Personal Information that we hold on you for your own purposes;
the right to object to the inclusion of any information. You have the right to object to the way we use your Personal Information where we are using it for our legitimate interests;
the right to regulate any automated decision-making and profiling of Personal Information. You have a right not to be subject to automated decision making in way that adversely affects your legal rights.
Where you have provided consent to our use of your Personal Information, you also have the unrestricted right to withdraw that consent at any time subject to contractual obligations. Withdrawing your consent means that we will stop processing the Personal Information that you had previously given us consent to use. There will be no consequences for withdrawing your consent; however, in some cases, we may continue to store and use the Personal Information where so permitted by having a legitimate reason for doing so or where required by law, regulation or by any other competent authorities. We may also not be able to continue our services to you.
You can read more about these rights within section 5 of POPIA.
Transfers of Personal Information outside of South Africa
Your data may be transferred to, stored at, and processed at a destination outside of South Africa by our service providers (eg. Google Workspace and WhatsApp). By submitting your Personal Information, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with applicable legislation or other relevant and appropriate laws.
Links to external websites
Our sites may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies or how such websites collect and use your data. Please check these policies before you submit any Personal Information to these websites.
1. Facebook plugins (Like & share button)
We integrated Plugins of the social network Facebook, provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, on our website. You can identify the Facebook plugins by the Facebook logo or the “like button“ on our website.
An overview of the Facebook plugins can be found here: https://developers.facebook.com/docs/plugins.
If you visit our page, the plugin establishes a direct connection between your browser and the Facebook server, allowing Facebook to receive the information that you visited our page with your IP address.
If you click the Facebook “like button“ on our website, while being logged in to Facebook, you can link the content of our website on your Facebook profile.
If you do not want Facebook to match your visit of our website with your Facebook user account, please log out of your Facebook user account before visiting our website.
2. Google Maps
This website uses the Google Maps map service via an API. Google Maps is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. To enable the functionality of Google Maps, it is required to save
your IP address. This information is generally transmitted and saved on a Google server in the USA. The Responsible Party has no influence over this information transmission.
3. Google Analytics
This website uses Google Analytics offered by Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) to analyse user behaviour on our website.
Google Analytics uses “Cookies“ – small text files, which are saved on your computer. The information collected by the cookies is generally transmitted and saved to a Google server in the USA.
This website uses the anonymise Ip function. The users IP address is shortened, ensuring that the visitor is not personally identifiable. Within the framework of the agreement on information processing which the website provider has made with Google Inc., Google creates analyses of the users website activity and behaviour with the collected information, and provides The Responsible Party with services connected to internet usage.
If you do not want to have the cookie saved on your device, you can disable it in the preferences of your browser. However, we cannot ensure that you can access all functions without any limitations if your browser does not accept cookies.
Furthermore, you can use a browser plugin to prevent Google Inc. from obtaining and using the information which is collected by the cookie (including your IP address). The following link directs you to the plugin: https://tools.google.com/dlpage/gaoptout?hl=en
You can find further information on information usage by Google Inc. here: https://support.google.com/analytics/answer/6004245?hl=en
Access to Personal Information about you
You have the right to request a copy of the Personal Information we hold about you. If you would like a copy of some or all of this information you may contact us as follows:
Information officer contact details
Full name: Soné Greeff
Email address: email@example.com
Telephone numbers: 041 - 367 1974
Happy Healthy Kids head office details
Physical address: The Centre for Play and
77 3rd Avenue
Contact email address: firstname.lastname@example.org
Telephone numbers: 041 - 367 1974
If any of the information we hold is inaccurate, you can ask us to make any necessary amendments.
Updates to the Privacy Notice
We reserve the right to update this Notice to reflect any legal changes or changes to the way in which we process your Personal Information. The updated Notice will be delivered to you electronically to the details we hold on file and/or published on our website and it will come into effect at the time of publication generally.
If you have any queries regarding privacy issues or the content of this Privacy Notice, you can email us on email@example.com alternatively, by using the contact details provided above.
What if you have a complaint?
If you have a concern about any aspect of our privacy practices, you can make a complaint. This will be acted upon promptly. To make a complaint, please contact us via one of the methods set above. You undertake to first make a good faith attempt to resolve same with the Practice. If you are not first satisfied with our response to your complaint, you have the right to then lodge a complaint with our supervisory authority, the Information Regulator. You can find details about how to do this on their website: https://www.justice.gov.za/inforeg/.