Privacy Policy for Elle Health (Pty) and Elle Assist (Pty) Ltd

1. Introduction

Elle Health (Pty) Ltd and Elle Assist (Pty) Ltd ("we", "us", "our") is committed to protecting the privacy of our clients, employees, and partners. This Privacy Policy outlines how we collect, use, store, and protect personal information in compliance with the Protection of Personal Information Act (POPIA).

2. Personal Information We Collect

We may collect and store the following types of personal information directly or via our clients:

• Patients: Names, contact details, ID numbers, medical records, billing information, and other relevant medical data.
• Employees: Names, contact details, demographic information, employment history, financial information, and other employment-related data.
• Suppliers and Business Partners: Contact details, banking details, contract details, and other relevant business information.

3. Purpose of Processing Personal Information

We process personal information for various purposes, including:

• Patients: Administration and processing of medical claims, maintaining medical records, billing, and follow-ups.
• Employees: Employee administration, payroll processing, tax compliance, and maintaining employment records.
• Suppliers and Business Partners: Managing business relationships, processing payments, and ensuring contract compliance.

4. Legal Basis for Processing

We process personal information based on the following legal grounds:

• Consent: Where you have given explicit consent for specific processing activities.
• Contract: To fulfil our contractual obligations with you.
• Legal Obligation: To comply with legal and regulatory requirements.
• Legitimate Interest: To pursue our legitimate business interests, provided your rights and interests do not override these.

5. Data Subject Rights

Under POPIA, data subjects have the following rights:

• Access: You have the right to request access to your personal information.
• Correction: You can request correction or updating of your personal information.
• Deletion: You can request deletion of your personal information under certain conditions.
• Objection: You have the right to object to the processing of your personal information.
• Complaints: You have the right to lodge a complaint with the Information Regulator.

6. Data Security Measures

We implement various security measures to protect personal information, including:

• Firewalls and antivirus software.
• Secure access control and encryption.
• Regular security audits and updates.
• Non-disclosure agreements with employees and third parties.

7. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes outlined in this policy, comply with legal obligations, resolve disputes, and enforce our agreements.

8. Sharing of Personal Information

We may share personal information with:

• Service Providers: Third parties who assist us in providing services (e.g., data storage, email communication).
• Legal Authorities: When required by law or to protect our legal rights.
• Business Transfers: In the event of a merger, acquisition, or sale of assets.

9. International Data Transfers

Where personal information is transferred outside South Africa, we ensure appropriate safeguards are in place to protect the data in accordance with POPIA.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on our website and, where appropriate, notified to you via email.

11. Contact Information

For any questions or requests regarding this Privacy Policy, please contact our Information Officer:

• Information Officer Elle Health: Joanne van Zyl
• Email: joannevz@elle.health
• Phone: 0861 00 3553

And

• Information Officer Elle Assist: Cindy Ludick
• Email: cindyl@elle.health
• Phone: 0861 00 3553

12. Complaints

If you believe your personal information has been processed in violation of POPIA, you have the right to lodge a complaint with the Information Regulator.