This Privacy Statement explains how we collect, use, store, and protect your personal information in accordance with the Protection of Personal Information Act, 2013 (POPIA) and other applicable South African legislation. Please read it carefully. By using our website or engaging our services, you acknowledge that you have read and understood this statement.
WHO WE ARE
The responsible party for your personal information is:
Name: Dr Jeff Swartzberg Radiology Practice Trading as: Dr Jeff Swartzberg / Centre of Advanced Medicine Website: drjeff.co.za Physical address: 13 Scott Street, Waverley, Johannesburg 2090 Telephone: 011 440 7877 Email: nemisha@centaurimedical.co.za
As the responsible party, we determine the purpose and means by which your personal information is processed. We are committed to processing your personal information lawfully, minimally, and in a manner that respects your right to privacy as guaranteed by the Constitution of the Republic of South Africa and POPIA.
INFORMATION WE COLLECT
We collect personal information directly from you and, in limited cases, from third parties such as your referring physician. The types of information we may collect include identity information such as your full name, date of birth, gender, and identity number; contact information including your phone number, email address, and postal address; medical information relevant to your scan including referral details, medical history, medical aid details, scan images, and reports; medical aid scheme name, membership number, and plan type; payment details for self-paying patients; technical information collected automatically via our website such as your IP address, browser type, and pages visited; and records of communications including emails, enquiry forms, and phone calls.
We will always tell you which information is required and which is optional. We will not collect more personal information than is necessary for the specific purpose for which it is collected.
HOW WE USE YOUR INFORMATION
We use your personal information only for the purposes for which it was collected.
For clinical and medical purposes, this includes scheduling and managing your appointments, performing diagnostic imaging examinations, preparing, storing, and transmitting radiological reports and images, communicating results to your referring physician, maintaining your patient records in accordance with health record keeping legislation, and obtaining prior authorisation from your medical aid scheme.
For administrative and operational purposes, this includes processing payments and submitting medical aid claims, responding to your enquiries and communications, managing our practice operations, complying with legal and regulatory obligations, and maintaining practice accounts and financial records.
For website and communication purposes, this includes operating and improving our website, analysing how visitors use our site to improve the user experience, and sending appointment reminders and practice communications.
We do not use your personal information for direct marketing without your explicit prior consent. You may opt out of any marketing communications at any time by contacting us.
LEGAL BASIS FOR PROCESSING
Under POPIA, we process your personal information on one or more of the following lawful grounds. Where you have given us specific, informed, and voluntary consent to process your information for a defined purpose, we rely on consent. Where processing is necessary to provide you with the medical services you have requested, we rely on the performance of a contract. Where we are required by South African law to collect or retain certain information — including health record keeping obligations under the National Health Act and medical aid claims processing under the Medical Schemes Act — we rely on compliance with a legal obligation. Where processing is necessary for our legitimate operational interests and those interests are not overridden by your right to privacy, we rely on legitimate interest. In limited emergency circumstances where processing is necessary to protect your health or life, we rely on vital interest.
SHARING WITH THIRD PARTIES
We do not sell, rent, or trade your personal information. We share your information only where necessary. Your scan reports and images are shared with your referring physician or specialist on the basis of your implied consent and clinical necessity. Your information is shared with medical aid schemes for the purposes of claims submission and authorisation. We use radiology reporting platforms and IT service providers for the secure delivery, storage, and management of patient records and practice systems — these operators are bound by contract to maintain equivalent data protection standards. In the event of a legal requirement such as a court order or regulatory request, we may be required to disclose personal information to legal or regulatory authorities. Where referral to another healthcare facility is clinically indicated, relevant information may be shared with that facility with your consent.
All third-party operators who process personal information on our behalf are required by contract to process your information only for the purposes we specify and to maintain appropriate security safeguards. We do not authorise any third party to use your personal information for their own purposes.
SPECIAL PERSONAL INFORMATION
As a medical imaging practice, we necessarily process Special Personal Information as defined under Section 26 of POPIA. This includes your health information — such as your medical history, clinical presentation, scan images, and radiological reports — as well as information about your physical condition and body.
This information is processed only for the purpose of providing you with diagnostic imaging services and communicating clinical results to your healthcare team, on the basis of your consent and the necessity of providing the medical care you have requested.
We apply heightened safeguards to the collection, storage, and transmission of all health-related information. Access to patient medical information is restricted to clinical and administrative staff who require it to perform their duties.
COOKIES
Our website uses cookies — small text files placed on your device — to improve your browsing experience and help us understand how the site is used.
Strictly necessary cookies are essential for the website to function, including session management, security, and form submission. These do not require your consent. Analytics cookies collect anonymised data about how visitors use the site and require your opt-in consent. Functional cookies remember your preferences and also require your opt-in consent.
When you first visit our website, a cookie consent banner will be displayed. You may accept all cookies, accept only strictly necessary cookies, or manage your preferences. You may withdraw your consent at any time by adjusting your browser settings or contacting us. Disabling certain cookies may affect the functionality of parts of our website.
HOW LONG WE KEEP YOUR DATA
We retain your personal information only for as long as is necessary for the purposes for which it was collected and in accordance with applicable legal requirements.
Patient medical records for adults are retained for a minimum of six years from the date of last entry, in accordance with the National Health Act. Records for minors are retained for a minimum of six years or until the patient reaches the age of 21, whichever is longer. Financial and billing records are retained for five years in accordance with the Income Tax Act and SARS requirements. Medical aid claim records are retained for five years under the Medical Schemes Act. Website enquiry and contact records are retained for three years or until the matter is resolved. Website analytics data is retained for 26 months in anonymised form.
When personal information is no longer required, we will destroy or de-identify it in a secure manner.
SECURITY
We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, disclosure, alteration, and destruction. These measures include secure, encrypted storage of patient records and radiological data; restricted access to patient information on a need-to-know basis; secure transmission of reports and images using encrypted platforms; password-protected and access-controlled systems; regular staff training on data privacy and information security; and physical access controls at our facility.
In the event of a data breach that is likely to affect your rights and interests, we will notify the Information Regulator and affected individuals as required by Section 22 of POPIA and will take all reasonable steps to contain and mitigate the breach without undue delay.
While we take all reasonable steps to protect your personal information, no method of electronic transmission or storage is 100% secure. If you have concerns about the security of your information, please contact us immediately.
CROSS-BORDER TRANSFERS
In the ordinary course of our practice, we do not transfer your personal information outside of South Africa. In the limited circumstances where this may occur — for example, where a reporting or cloud storage platform is hosted internationally — we ensure that adequate protections are in place as required by Section 72 of POPIA. These include transfers to countries with data protection laws providing a substantially similar level of protection to POPIA, binding contractual agreements with international operators requiring equivalent data protection standards, and your explicit consent where required.
YOUR RIGHTS UNDER POPIA
POPIA grants you the following rights in relation to your personal information.
You have the right to access your personal information and to request confirmation of whether we hold information about you and to obtain a copy of it. You have the right to request that we correct, update, or complete any inaccurate, incomplete, or misleading information we hold about you. You have the right to request the deletion or destruction of your personal information, subject to our legal obligations to retain certain records. You have the right to object to the processing of your personal information on reasonable grounds, and to object to direct marketing at any time. Where processing is based on your consent, you have the right to withdraw that consent at any time — withdrawal does not affect the lawfulness of processing before the withdrawal. If you believe we have processed your information unlawfully, you have the right to lodge a complaint with the Information Regulator of South Africa. You will not be penalised or discriminated against for exercising any of your rights under POPIA. You have the right to be notified of the purpose for which your personal information is being collected at or before the time of collection.
To exercise any of these rights, please submit a written request to us using the contact details below. We will respond within 30 days. There is no charge for exercising your rights, although we may charge a reasonable fee for manifestly excessive or repetitive requests.
CHILDREN
POPIA provides additional protection for the personal information of children under the age of 18. We do not collect personal information from minors directly via our website. Where we provide diagnostic imaging services to a minor, we do so under the authority and with the consent of a parent or legal guardian and in accordance with all applicable requirements. If you believe we have inadvertently collected information from a minor without appropriate consent, please contact us immediately and we will take steps to remove that information.
CHANGES TO THIS STATEMENT
We may update this Privacy Statement from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the effective date at the top of this document and, where appropriate, notify patients directly. We encourage you to review this statement periodically. Your continued use of our website or services after any changes indicates your acceptance of the updated statement.
CONTACT AND COMPLAINTS
If you have any questions about this Privacy Statement, wish to exercise your rights, or have a concern about how we have handled your personal information, please contact our Information Officer:
Dr Jeff Swartzberg — Centre of Advanced Medicine 13 Scott Street, Waverley, Johannesburg 2090 Telephone: 011 440 7877 Email: nemisha@centaurimedical.co.za Hours: Monday to Friday, 08:00 to 16:00
If you are not satisfied with our response, or if you believe we have processed your personal information in contravention of POPIA, you have the right to lodge a complaint with the Information Regulator of South Africa:
Information Regulator (South Africa) JD House, 27 Stiemens Street, Braamfontein, Johannesburg 2001 P.O. Box 31533, Braamfontein, Johannesburg 2017 Complaints email: complaints.IR@justice.gov.za General enquiries: inforeg@justice.gov.za
