LEGAL

Privacy Policy

Last Updated: [March 27, 2025]

Quick Privacy Summary

What data we collect: Personal details, contact information, medical history, and usage data
Why we collect it: To provide nuclear medicine services, manage appointments, and meet regulatory requirements
How we protect it: Through encryption, access controls, and staff training
Your rights: Access, correct, delete your data, or withdraw consent
Contact us: [email protected] or +27129420845

Introduction

This Privacy Policy explains how TheraMed Nuclear (“we”, “us”, or “our”) collects, uses, and protects your personal information when you use our services or visit our website at www.theramednuclear.co.za.

As a nuclear medicine practice, we understand the sensitive nature of your health information. We are committed to protecting your privacy and handling your data with care in accordance with the Protection of Personal Information Act (POPIA) of South Africa.

By using our services, you agree to the practices described in this Privacy Policy.

Definitions

Personal Data: Information that identifies you or makes you identifiable
Medical Data: Health-related information, including diagnoses, treatments, and test results
POPIA: Protection of Personal Information Act, the South African data protection law
Data Subject: You, as the person whose data we process
Information Officer: Our designated privacy professional responsible for ensuring compliance

Personal Data We Collect

Medical and Health Information

Medical history and conditions
Diagnostic images and test results
Treatment plans and medications
Referring physician information

Personal Identification Information

Full name and title
Date of birth and gender
ID number or passport details
Medical aid information

Contact Information

Email address
Phone number
Physical address
Emergency contact details

Website Usage Data

IP address and device information
Pages visited on our website
Time spent on our website
Referral source

How We Collect Your Data

Directly from you: During registration, appointments, and consultations
From other healthcare providers: With your consent or as legally permitted
Automatically: When you use our website or online services
From third parties: Medical aids, referring physicians (with appropriate authorization)

How We Use Your Data

We use your personal data for the following specific purposes:

Healthcare Provision

To provide nuclear medicine diagnostic services and treatments
To maintain accurate patient records
To coordinate care with other healthcare providers
To schedule and manage appointments

Administrative Purposes

To process medical aid claims
To send appointment reminders
To maintain our business records
To comply with healthcare regulations

Communication

To respond to your inquiries
To provide important service updates
To send follow-up care information
To request feedback on our services

Website Improvement

To analyze website usage patterns
To troubleshoot technical issues
To enhance user experience
To develop new online features

Legal Basis for Processing

Under POPIA, we process your data based on:

Your consent
Performance of our service agreement with you
Compliance with legal obligations
Protection of your vital interests
Legitimate interests of our practice

Data Retention

We keep your personal information only as long as necessary for the purposes described in this policy and as required by law.

Medical records: We retain these for a minimum of 6 years from your last visit, as required by South African healthcare regulations
Contact information: Maintained while you are an active patient and for 2 years thereafter
Financial records: Kept for 5 years as required by tax laws
Website usage data: Retained for 2 years for analytical purposes

You may request deletion of certain information, subject to our legal obligations to retain medical records.

Your Privacy Rights

Under POPIA, you have the following rights:

Right to be informed: Receive clear information about how we use your data
Right of access: Request copies of your personal information that we hold
Right to correction: Ask us to correct inaccurate or incomplete data
Right to deletion: Request erasure of your data in certain circumstances
Right to restrict processing: Limit how we use your data
Right to object: Object to processing based on legitimate interests
Right to withdraw consent: Revoke previous consent at any time

How to Exercise Your Rights

Email us: Send your request to [email protected]
Call us: Contact our Information Officer at +27129420845
Visit us: Submit a written request at our practice
Response time: We will respond to all requests within 30 days

We may need to verify your identity before fulfilling your request.

Special Considerations for Medical Data

As a nuclear medicine practice, we handle sensitive health information that requires special protection:

Medical Confidentiality

We adhere to strict medical ethical standards and confidentiality requirements
All staff members sign confidentiality agreements
Access to medical records is strictly controlled on a need-to-know basis

Special Categories of Data

Nuclear medicine procedures involve radiation exposure data
We maintain detailed records of radiation doses as required by law
This information is stored with enhanced security measures

Sharing Medical Information

We only share your medical information in these circumstances:

With other healthcare providers involved in your care
With medical aids for billing purposes
When required by law or court order
In emergency situations to protect your health
With your explicit consent

Data Security

We implement appropriate technical and organizational measures to protect your personal data:

Technical Safeguards

Encryption: All electronic patient data is encrypted
Access controls: Role-based access to information systems
Firewalls: Network security to prevent unauthorized access
Secure backups: Regular, encrypted backups of all patient data

Organizational Measures

Staff training: Regular privacy and security training for all employees
Physical security: Controlled access to premises and paper records
Policy enforcement: Clear procedures for data handling
Regular audits: Periodic reviews of our security practices

Data Breach Procedures

In the event of a data breach:

We will notify affected individuals within 72 hours if there is a high risk
We will report to the Information Regulator as required by POPIA
We will take immediate steps to mitigate any potential harm

Children’s Privacy

We treat children’s privacy with special care:

We collect personal information from children under 13 only with verifiable parental consent
Parents can review, delete, or refuse further collection of their child’s data
We do not condition a child’s participation on providing more information than necessary
Children between 13-18 may require parental consent for certain services

To exercise parental rights, contact us at [email protected].

Third-Party Services

Service Providers We Use

We work with carefully selected third parties who may process your data:

Medical laboratory services
Medical aid claim processors
Appointment scheduling systems
Website analytics providers

How We Ensure Third-Party Compliance

We establish data processing agreements with all service providers
We require POPIA compliance from all third parties
We regularly review third-party security practices
We limit data sharing to what is necessary

Specific Third-Party Services

Google Analytics: Website usage analysis
Medical billing services: For processing medical aid claims
Cloud storage providers: For secure data storage

Cookies and Tracking

Our website uses cookies and similar technologies:

Types of Cookies We Use

Essential cookies: Required for website functionality
Functional cookies: Remember your preferences
Analytical cookies: Help us understand how visitors use our site
Third-party cookies: Used by Google Analytics

Managing Cookies

You can set your browser to refuse cookies
You can delete cookies at any time
Blocking essential cookies may impact website functionality
You can opt out of Google Analytics by installing their opt-out browser add-on

For more detailed information about the cookies we use, please see our Cookie Policy.

International Data Transfers

While we primarily store and process data within South Africa, some data may be transferred internationally:

We use cloud services with servers in the European Union and United States
We ensure all international transfers comply with POPIA requirements
We implement appropriate safeguards such as Standard Contractual Clauses
We only transfer data to countries with adequate data protection laws or with specific safeguards in place

Facebook Fan Page

We maintain a Facebook Fan Page at https://facebook.com/thermednuclear:

Facebook and TheraMed Nuclear are joint controllers for data collected through the Fan Page
Facebook Insights provides us anonymous statistical data about page visitors
Facebook places cookies on devices of users visiting our Fan Page
Please review Facebook’s Privacy Policy for more information

Changes to This Policy

We may update this Privacy Policy from time to time:

We will post the new policy on this page
We will notify you of significant changes via email or website notice
The “Last Updated” date will indicate when revisions were made
Your continued use of our services after changes indicates acceptance of the updated policy

Contact Information

If you have questions about this Privacy Policy or our privacy practices:

TheraMed Nuclear

Email: [email protected]
Phone: +27 (0) 12 942 0845
Address: Room G3 Midstream Hill Medical Park, Corner of Midstream Hill Boulevard & Godley Drive, Midstream, South Africa, 0181
Information Officer: [Ansu Fourie]

South African Information Regulator

Email: [email protected]
Website: https://www.justice.gov.za/inforeg/

Have questions or need assistance?

Our dedicated team of professionals is here to help! Reach out to us, and we’ll provide you with the support and information you need.

ARE YOU FOLLOWING US?