Privacy Policy
This Privacy Policy explains how personal information is collected, used, stored, shared, and protected when you interact with this website or consult with the practice. It is intended to support the conditions for lawful processing under South African privacy law, including the Protection of Personal Information Act, 4 of 2013 (POPIA).
1. Who I am (Responsible Party)
For POPIA purposes, the “Responsible Party” is the person or entity that determines why and how personal information is processed. In this practice, the Responsible Party is:
Chinese Medicine & Acupuncture Practice
4 Westrup Close, Parkrand, Boksburg, 1459, South Africa
Email: drbapoo@gmail.com
WhatsApp: +27 82 797 5342
2. What personal information I collect
Depending on how you interact with me and my practice, I may collect the following categories of personal information:
- Contact details (name, phone/WhatsApp number, email address).
- Appointment details (dates, times, attendance history, communication preferences).
- Clinical information you provide during consultation (symptoms, medical history, medication and supplements, lifestyle factors, examination findings, and clinical notes).
- Billing and payment-related information (invoice references and payment confirmations). I do not intentionally store full card details on this website.
- Website technical data (IP address, device/browser info, pages visited, approximate location, referral source), primarily for security and performance.
3. How I collect personal information
- When you contact me (WhatsApp, email, phone) or submit a website form (if enabled).
- When you book or attend a consultation and provide information as part of care.
- Automatically through standard website technologies (server logs, security tools, and, where used, cookies).
4. Why I process your personal information (purpose)
I process personal information only for specific, explicit, and lawful purposes, including:
| Purpose | Examples |
|---|---|
| Provide clinical care | Assessment, pattern diagnosis, treatment planning, clinical notes, follow-up advice, and continuity of care. |
| Appointments & communication | Confirmations, rescheduling, reminders, and responding to queries. |
| Billing & administration | Invoices, payment tracking, and practice administration. |
| Legal and regulatory compliance | Maintaining appropriate records, responding to lawful requests, and meeting professional obligations. |
| Website security and performance | Detecting abuse, preventing fraud, and improving site reliability. |
5. Lawful basis for processing
POPIA allows processing where it is justified on recognised grounds. In my practice, processing typically relies on one or more of the following:
- Your consent (for example, where you voluntarily provide information or opt in to specific communications).
- Performance of a contract (to deliver services you request, including consultations).
- Legal obligation (where processing is required by South African law).
- Legitimate interests (for example, basic administration and security, balanced against your rights).
6. Clinical and special personal information
Health information is generally treated as “special personal information” under POPIA. I handle clinical information with particular care and limit access to what is reasonably necessary for providing services and managing the practice responsibly.
7. Sharing your personal information
I do not sell personal information. I may share limited information only where necessary, including:
- Service providers used to operate the website or communications (hosting, security, email/IT support), subject to appropriate safeguards.
- Professional collaboration if you request it or where it is clinically appropriate (for example, correspondence with another healthcare provider), typically with your knowledge and, where required, consent.
- Legal requirements where disclosure is required by law, court order, or lawful regulatory request.
8. International transfers
Some technology providers (for example, web hosting, email infrastructure, analytics or security tools) may process data on servers outside South Africa. Where cross-border processing occurs, I take reasonable steps to ensure appropriate protections are in place and that processing remains consistent with POPIA.
9. Retention
I retain personal information only as long as reasonably necessary for the purposes described in this policy, including continuity of care, lawful record-keeping, and dispute resolution. When no longer required, information is securely deleted or de-identified where practical.
10. Security safeguards
I implement reasonable technical and organisational measures to protect personal information against loss, damage, unauthorised access, or unlawful processing. Measures may include access controls, secure hosting, backups, and security monitoring. No website or electronic storage method is 100% secure.
11. Cookies and website analytics
This website may use cookies or similar technologies for core functionality, security, and (where enabled) performance measurement. You can control cookies through your browser settings. Disabling certain cookies may affect site functionality.
12. Direct marketing
I do not send unsolicited electronic marketing. If marketing communications are ever used, you will be given a clear option to opt in and a simple method to opt out at any time. You may object to direct marketing processing at any time.
13. Your rights as a data subject
You have rights under POPIA, which may include:
- To be notified that personal information is being collected and to understand the purpose of collection.
- To access personal information held about you.
- To request correction, updating, or deletion of personal information where appropriate.
- To object to processing in certain circumstances, including direct marketing.
- To withdraw consent where processing is based on consent (without affecting prior lawful processing).
- To lodge a complaint with the Information Regulator.
14. How to make a POPIA request
Requests for access, correction, or deletion should be submitted in writing to drbapoo@gmail.com. Please include your full name, contact details, and enough information to identify the records you are requesting. I may need to verify your identity before responding.
15. Complaints
If you believe your personal information has been processed unlawfully, contact me first so I can address the issue. You also have the right to lodge a complaint with the Information Regulator (South Africa).
For current contact details and complaint procedures, refer to the Information Regulator’s official website.
16. Changes to this policy
I may update this Privacy Policy from time to time to reflect operational, legal, or regulatory changes. The “Last updated” date at the top of this page indicates when changes were last made.