Data Protection & Privacy Policy
Last updated: October 2021
Please read the following Data Protection & Privacy Policy (Privacy Policy) before you use the NDoH Facility Complaints mobile application (the app).
- Introduction and legal basis
- The app is free and easy to use. The purpose of the app is to allow users to log complaints about public health facilities to the Ideal Health Facility information system. while providing strong protection for each user’s right to privacy as provided for in section 14(d) of the Constitution.
- This Privacy Policy explains the extent to which we collect information when you use the app. It also explains:
- How your information is used;
- Who your information is shared with;
- How your data is kept securely;
- The extent to which any personal information is transferred or stored.
- “Personal data” or “personal information” means all information relating to an identified or identifiable person.
- “Processing” means any operation with personal data, irrespective of the means applied and the procedure, and in particular the collection, storage, use, revision, disclosure, archiving, or destruction of data.
- The processing of personal data is governed by the Exposure Notification rules set out by Alphabet Inc. and Apple Inc.
- The provisions and safeguards in the Protection of Personal Information Act, 2013 (Act No. 4 of 2013) have been used as a benchmark for the protection of the right to privacy.
- Responsible Party
- The controller responsible for the data processing described herein is the:
National Department of Health (NDoH)
AB Xuma Building
128 Voortrekker Rd
Raslouw AH
Pretoria
- The entire system for the app is under the direct control of the NDoH and is operated technically on its behalf, by ASG Solutions (PTY) LTD.
- Where the NDoH engages third parties to assist with providing this service, they have signed confidentiality agreements, undertaking contractually to comply with all requirements of regulation 8 of the Regulations Issued in Terms of Section 27(2) of the Disaster Management Act, 2002 as well as the provisions of the Terms and Conditions
and Privacy Policy. The NDoH monitors their compliance with these legal requirements.
- ASG Solutions developed the app software on behalf of the NDoH and provides any necessary technical support services. ASG Solutions will periodically provide basic service volumes to the NDoH. This data is completely anonymized.
- All employees of the NDoH and ASG Solutions are bound by confidentiality in the management of data.
-
3. Collection and processing of personal data
- The purpose of the app is to allow users to log complaints about public health facilities to the Ideal Health Facility information system. Designated staff at the relevant provincial and district offices and facility will have access to the Ideal Health facility information system where complaints logged on the APP are stored to allow
staff to manage
the complaints according to the National guideline to manage complaints, compliments and suggestions. This aim is achieved in several ways:
- The processing of personal data is kept to the minimum required to resolve the complaints and the app does not collect location data via data location services.
- Operation of the app – how does it work?
- There are two main phases in the app’s process.
- Users log complaints against specific facilities. This information is pushed to the Ideal Health Facility information system.
- Users who create a profile on the system can track the progress of the complaint as it is processed by designated staff who has access to the Ideal Health Facility information system.
- Data transfer
- Complaint data is transferred to the Ideal Health Facility information system via an encrypted API.
- The app uses an interface to the operating system of the user’s mobile phone, which entails the processing of data by Apple or Google (a subsidiary of Alphabet Inc.).
- The operating system functions used via the interface comply with the Protection of Personal Information Act, 2013 (Act No. 4 of 2013). The NDoH makes sure that these requirements are complied with, in particular by obtaining appropriate assurances.
- How long will data be retained and when will it be destroyed?
- Because the data relates to formal complaints made to public health facilities, that data must be retained by the Ideal Health Facility information system. However, the app will retain the data so long as the user’s account is not deactivated.
-
What security measures are in place to secure my data and keep my identity anonymous?
- Only state entities and their contracted development partner are allowed to control the app. The system is only permitted to be used logging and tracking complaints by the user.
- Nothing is done without your permission. In this regard:
- The app can also be deleted/uninstalled by the user at any time.
- This system does not collect location data from your device and does not share the identities of other users to each other, Google or Apple.
- The user controls all data they want to share, and the decision to share it.
- To protect data against unauthorised access, loss, or misuse the app makes use of a variety of sophisticated technical security measures (including, for instance, encryption; logging, access controls and restrictions). The NDoH and its partners also employ organisational strategies (including, for example, staff directives,
confidentiality
agreements, reasonably regular inspections) to ensure that all legal requirements have been, and are being, complied with.
-
What security measures are in place? To protect data against unauthorized access, loss, or misuse, the NDoH, in collaboration with ASG Solutions and external hosting providers and other IT service providers, takes appropriate security measures of a technical (e.g. encryption, logging, access controls and restrictions, data backup,
IT
and network
security solutions, etc.) and organisational nature (e.g. staff directives, confidentiality agreements, inspections, etc.) in accordance with South African data protection legislation and corporate policies where applicable.
- Rights of all app users
- In the event of alleged infringements of any data protection legislation in force in the Republic at the time of the alleged infringement, you can contact the competent data protection supervisory authority or take legal action in accordance with that data protection legislation.
- The ability to exercise your rights requires that you provide clear evidence of your identity (e.g., a copy of your identity documents). To assert your rights, you can contact the NDoH at the address given in Section 2.
- Other documents governing privacy and data protection
This Privacy Policy is not necessarily exhaustive. Specific matters may be governed by other data protection statements, similar documents, or terms and conditions of use. Where that is so, a link to any such documents will be made available to the user in the app.