POPIA Compliance Policy

 POPIA Compliance Policy for Elite Health Medical

Effective Date: December 09, 2025

Last Updated: December 09, 2025

Elite Health Medical (Pty) Ltd ("Elite Health Medical," "we," "us," or "our") is a nursing staffing agency specializing in operating theatre support and homebased care services in Johannesburg and Pretoria, South Africa. We are committed to protecting your personal information and complying with the Protection of Personal Information Act, 2013 ("POPIA"), as well as other relevant legislation such as the Promotion of Access to Information Act, 2000 ("PAIA"), the National Health Act, 2003, and the Consumer Protection Act, 2008.

This POPIA Compliance Policy ("Policy") explains how we collect, process, use, store, share, and protect personal information when you interact with our website (www.elitehealthmedical.co.za), contact us (via phone: 010 140 8037 or email: info@elitehealthmedical.co.za), or use our services. It applies to all data subjects, including clients (e.g., surgeons, hospitals, patients), job applicants, employees, and suppliers.

By providing us with your personal information or using our services, you consent to the practices described herein. If you do not agree, please do not submit your information or engage with us. We process information lawfully, transparently, and only as necessary for our operations.

For questions or to exercise your rights, contact our Information Officer (details in Section 12).

 1. Purpose and Scope

The purpose of this Policy is to ensure accountable, lawful, and ethical processing of personal information in line with POPIA's eight conditions for lawful processing. It covers all personal information processed by Elite Health Medical, whether manually or automatically, including via our website, emails, phone calls, or service delivery.

This Policy applies to:

 All staff, contractors, and third parties acting on our behalf.

 All interactions, including service inquiries, staffing requests, billing, and job applications.

We do not process information in a way that is excessive, irrelevant, or prejudicial to your dignity.

 2. Definitions

 Personal Information: Any information relating to an identifiable, living, natural person or juristic person (e.g., name, email, phone number, address, ID number, medical aid details).

 Special Personal Information: Sensitive data requiring extra protection, including information on race, ethnic or social origin, health (physical or mental, including medical history, disability, or wellbeing), religion, beliefs, sexual orientation, biometric data, or criminal behavior.

 Processing: Any operation on personal information, such as collecting, receiving, recording, organizing, storing, updating, retrieving, using, distributing, or destroying it.

 Responsible Party: Elite Health Medical, as the entity determining the purpose and means of processing.

 Operator: A third party (e.g., IT provider or medical aid) processing information on our instructions.

 Data Subject: You, as the individual whose information we process (e.g., patient or surgeon).

 Consent: Voluntary, specific, informed, and unambiguous agreement to processing.

 3. What Personal Information We Collect

We collect only information necessary for providing highquality nursing services. Examples include:

 From Clients/Patients: Name, contact details (email, phone, address), medical details (e.g., surgery type, postoperative needs, health history for matching nurses), medical aid information (e.g., Discovery Health, Bonitas), and billing details.

 From Job Applicants/Staff: CVs, qualifications, ID copies, contact details, and professional references (including healthrelated certifications).

 From Suppliers/Partners: Company details, bank information for payments, and contact persons.

 From Website Visitors: IP address, browser type, and pages visited (via cookies—see Section 10).

 Special Personal Information: Health and medical details (e.g., wound management needs, disability accommodations), collected only when directly relevant to care or staffing.

We collect information directly from you (e.g., forms, calls) or indirectly (e.g., from referring doctors, medical aids, or public sources for verification).

 4. How and When We Collect Personal Information

Collection occurs:

 Directly: During inquiries, service bookings, job applications, or phone/email exchanges.

 Indirectly: From medical aids for billing, hospitals for staffing requests, or automated tools for website analytics.

 Timing: When you request services (e.g., theatre nurse for a procedure), apply for roles, or visit our site.

We notify you at collection (e.g., via website notice or verbal confirmation) about the purpose, your rights, and our contact details.

 5. Purposes for Processing Personal Information

We process information only for specified, legitimate purposes, including:

 Providing services (e.g., matching nurses to surgeries, home care coordination).

 Administering contracts (e.g., billing, scheduling).

 Communicating updates, invoices, or feedback.

 Complying with legal obligations (e.g., health regulations, tax reporting).

 Improving our offerings (e.g., anonymized analytics).

 Recruiting and managing staff.

Processing stops when the purpose is fulfilled, unless required by law.

 6. Processing Special Personal Information

Special information (e.g., health details for postoperative care) is processed only if:

 You consent explicitly (informed and voluntary).

 It is necessary for healthcare delivery under the National Health Act.

 Required by law (e.g., reporting notifiable conditions).

 For legitimate interests like emergency care, with safeguards.

We limit processing to what is adequate and relevant, ensuring accuracy for safe care.

 7. Sharing and Disclosure of Personal Information

We do not sell your information. Disclosure occurs only when necessary:

 To Service Providers: Operators like IT hosts, accountants, or couriers, bound by confidentiality agreements.

 To Partners: Hospitals, surgeons, or medical aids for service fulfillment (e.g., sharing surgery details for nurse assignment).

 Legal Disclosures: To regulators, law enforcement, or courts if required.

 Business Transfers: In mergers, with notice to you.

International transfers (rare) comply with POPIA's adequacy requirements or binding agreements. All recipients must protect data equivalently.

 8. Data Security and Protection

We implement reasonable safeguards:

 Physical: Secure storage for records.

 Technical: Encryption for health data, firewalls, and access controls (e.g., passwordprotected systems).

 Organizational: Staff training, confidentiality agreements, and regular audits.

Risk assessments identify threats, and we respond promptly to breaches (notifying you and the Information Regulator if required). No system is foolproof, but we minimize risks diligently.

 9. Retention and Destruction

We retain information only as long as needed:

 Servicerelated: Until completion plus 57 years (for billing/health records per law).

 Inquiries: 1 year, then deleted.

 Job applications: 6 months if unsuccessful.

Thereafter, we securely destroy or anonymize data.

 10. Cookies and Website Tracking

Our website uses:

 Essential Cookies: For basic functionality (e.g., session management)—cannot be disabled.

 Analytics Cookies: For site improvement (e.g., via Google Analytics)—optional; opt out via browser settings.

We do not use tracking for advertising. Manage cookies through your browser.

 11. Your Rights as a Data Subject

Under POPIA and PAIA, you have rights to:

 Access: Request confirmation of processing and a copy (via PAIA Form C; possible fee for copies).

 Correction/Update: Amend inaccurate/incomplete data.

 Deletion: Request erasure if no longer needed (subject to legal retention).

 Objection/Restriction: Oppose processing for marketing or nonessential uses; restrict during disputes.

 Portability: Receive data in a structured format.

 Withdraw Consent: At any time, though this may affect services.

Requests are free (unless excessive) and processed within 30 days. Email info@elitehealthmedical.co.za with verification (e.g., ID copy). If denied, we explain reasons.

For children under 18, a competent person (e.g., parent) exercises rights; we do not knowingly collect minors' data without consent.

 12. Complaints and Contact Information

 Internal Complaints: Lodge with our Information Officer: [Name/Title, e.g., CEO or Designated Officer], email: info@elitehealthmedical.co.za, phone: 010 140 8037. Response within 14 working days.

 External: If unresolved, contact the Information Regulator: enquiries@inforegulator.org.za or +27 10 023 5200; address: JD House, 27 Siemens Street, Braamfontein, Johannesburg, 2001.

 13. Changes to This Policy

We may update this Policy for legal changes or business needs. We'll notify you via website/email for material updates. Continued use implies acceptance.

Thank you for trusting Elite Health Medical. Your privacy supports our mission of personalized, reliable care.