Privacy Policy

1. Introduction

EzeHealth ("we", "our", "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and disclose your personal information when you visit our website, use our platform, or interact with us in any way.

This policy is drafted in accordance with the Protection of Personal Information Act, 2013 (POPIA) of South Africa and other applicable data protection legislation. By using our services, you acknowledge that you have read and understood this Privacy Policy.

EzeHealth is a healthcare management platform designed for care facilities in South Africa. Given the nature of our services, we take data privacy and security with the utmost seriousness.

2. Information We Collect

We may collect and process the following categories of personal information:

2.1 Information You Provide

• Account Information: Name, email address, phone number, company name, and job title when you register for an account or request a demo.
• Contact Information: Name, email, phone number, and message content when you reach out through our contact form.
• Billing Information: Company details, billing address, and payment information necessary to process subscription payments.
• Facility Data: Patient records, care plans, medication data, staff information, and other data you enter into the platform as part of your facility's operations.

2.2 Information Collected Automatically

• Usage Data: Information about how you use our website and platform, including pages visited, features used, and time spent.
• Device Information: IP address, browser type, operating system, device type, and screen resolution.
• Cookies and Tracking: Information collected through cookies, web beacons, and similar technologies as described in our Cookie Policy below.
• Log Data: Server logs that record requests made to our servers, including timestamps and referring URLs.

3. How We Use Your Information

We use your personal information for the following purposes:

• Service Delivery: To provide, maintain, and improve our healthcare management platform and related services.
• Account Management: To create and manage your account, process subscriptions, and handle billing.
• Communication: To respond to your enquiries, send service-related notifications, and provide customer support.
• Security: To detect, prevent, and address technical issues, fraud, and security threats.
• Legal Compliance: To comply with applicable laws, regulations, and legal processes, including POPIA requirements.
• Analytics: To understand how our services are used and to improve user experience, in an aggregated and anonymized manner where possible.
• Marketing: With your consent, to send you information about new features, updates, and promotional offers related to our services.

4. Legal Basis for Processing

Under POPIA, we process your personal information based on one or more of the following lawful grounds:

• Consent: Where you have given us explicit consent to process your information for a specific purpose.
• Contract: Where processing is necessary for the performance of a contract with you, such as your subscription agreement.
• Legal Obligation: Where processing is necessary for compliance with a legal obligation to which we are subject.
• Legitimate Interest: Where processing is necessary for our legitimate interests, provided those interests do not override your rights and freedoms.

5. Data Storage and Security

We take the security of your personal information seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, alteration, disclosure, or destruction.

• All data is encrypted in transit using TLS/SSL and at rest using AES-256 encryption.
• Our servers are hosted in secure data centres within South Africa.
• We implement role-based access controls, regular security audits, and vulnerability assessments.
• We maintain secure backup procedures and disaster recovery protocols.
• Staff with access to personal information are subject to confidentiality obligations and receive regular training.

While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

6. Your Rights Under POPIA

As a data subject under POPIA, you have the following rights:

• Right of Access: You have the right to request confirmation of whether we hold personal information about you and to request access to that information.
• Right to Correction: You have the right to request that we correct or update any inaccurate or incomplete personal information.
• Right to Deletion: You have the right to request that we delete your personal information in certain circumstances, such as when it is no longer necessary for the purpose it was collected.
• Right to Object: You have the right to object to the processing of your personal information for direct marketing purposes.
• Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw that consent at any time.
• Right to Lodge a Complaint: You have the right to lodge a complaint with the Information Regulator if you believe your rights have been infringed.

To exercise any of these rights, please contact our Information Officer using the details provided below.

7. Information Officer

Our designated Information Officer can be contacted regarding any privacy-related queries or requests:

8. Cookie Policy

Our website uses cookies and similar tracking technologies to enhance your browsing experience. Cookies are small text files placed on your device that help us provide and improve our services.

Types of Cookies We Use

• Essential Cookies: Required for the website to function properly. These cannot be disabled.
• Analytics Cookies: Help us understand how visitors interact with our website by collecting and reporting information anonymously.
• Functional Cookies: Enable enhanced functionality and personalisation, such as remembering your preferences.

You can manage your cookie preferences through your browser settings. Please note that disabling certain cookies may affect the functionality of our website.

9. Third-Party Service Providers

We may share your personal information with trusted third-party service providers who assist us in operating our platform, conducting business, or servicing you. These parties are contractually obligated to keep your information confidential and to use it only for the purposes for which it was disclosed.

Third parties may include:

• Cloud hosting and infrastructure providers
• Payment processing services
• Email and communication service providers
• Analytics and monitoring tools

We do not sell, trade, or otherwise transfer your personal information to outside parties for marketing purposes without your explicit consent.

10. Data Retention

We retain your personal information only for as long as is necessary to fulfil the purposes for which it was collected, or as required by law. Specific retention periods include:

• Account Data: Retained for the duration of your subscription and for up to 12 months after account closure, unless a longer period is required by law.
• Facility and Patient Data: Retained for the duration of your subscription. Upon termination, data can be exported and is deleted within 90 days unless otherwise agreed.
• Contact Enquiries: Retained for up to 24 months after the enquiry is resolved.
• Billing Records: Retained for the period required by South African tax and financial regulations (currently 5 years).

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated policy on our website with a revised "Last updated" date.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our services after any changes constitutes acceptance of the updated policy.

12. Information Regulator

If you are not satisfied with the way we handle your personal information, you have the right to lodge a complaint with the Information Regulator of South Africa: