1.2. Testaro Mobile Health(“Testaro”, “we”, “us” or “our”) collects and processes the personal information of anyone who accesses our website and/or chooses to become our customer as well as from you day-to-day dealings with us (“you” or “your”).
1.3. By providing us with your Personal Information, you:
1.3.1. agree to this Policy and authorise us to process such information as set out herein; and
1.3.2. authorise Testaro, our Service Providers and other third parties to Process your Personal Information for the purposes stated in this Policy.
1.4. Personal Information, in terms of the Protection of Personal Information Act, 4 of 2013 (“POPIA”), means “information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person”. South Africa’s Constitution, Act 108 of 1996, provides that everyone has the right to privacy. This includes the right to protection against the unlawful collection, retention, dissemination and use of your personal information.
1.5. Because of the sensitivity of some personal information, we ensure that the way we process your Personal Information complies fully with POPIA and have implemented reasonable organisational and technical controls as a result.
- Collection of Personal Information
2.1. We may collect or obtain Personal Information about you in the following ways:
2.1.1. Through direct or active interactions with you;
2.1.2. In the course of our relationship with you;
2.1.3. Through automated or passive interactions with you;
2.1.4. When you visit / or interact with our website or our various social media platforms;
2.1.5. From third parties;
2.1.6. Public sources;
2.1.7. Employment applications;
2.1.8. CCTV; and
2.1.9. Website usage information may be collected using “cookies” which allows us to collect standard internet visitor usage information.
2.2. Types of Personal Information we may collect:
2.2.1. Identity information;
2.2.2. Contact information;
2.2.3. Financial information;
2.2.4. Transaction information;
2.2.5. Technical information;
2.2.6. Usage Information;
2.2.7. Location information; and
2.2.8. Marketing and communications information.
- Legal Basis for Processing
3.1. When we process your personal information in connection with the purposes set out in this Privacy Statement, we may rely on one or more of the following legal bases, depending on the purpose for which the processing activity is undertaken and the nature of our relationship with you:
3.1.1. Your consent to the processing of your Personal Information;
3.1.2. Processing of the information is necessary for the performance of a contract or of a legal obligation;
3.1.3. Processing is necessary for the protection of our and your legitimate interests.
- Purposes of Processing
4.1. We will primarily use your Personal Information only for the purpose for which it was originally collected. We will use your Personal Information for a secondary purpose only if such purpose constitutes a legitimate interest and is compatible with the primary purpose for which the Personal Information was collected.
4.2. You agree that we may process your Personal Information for the following, but not limited to, purposes, as relevant to our relationship with you:
4.2.1. Operating our business;
4.2.2. Complying with compulsory requirements under relevant laws;
4.2.3. to retain and make information available to you on our website;
4.2.4. to maintain and update our supplier database;
4.2.5. to establish and verify your identity on the website;
4.2.6. fraud prevention;
4.2.8. complying with information requests from the Information Regulator;
4.2.9. transfer of information to an associated third party of supplier;
4.2.10. to conduct market research surveys and other marketing activities; and
4.2.11. for security, administrative and legal purposes.
4.3. We may also collect and process aggregated data, which may include historical or statistical data for any purpose, including for know-how and research purposes.
4.4. We will not intentionally collect and process the Personal Information of a child unless we have the permission of a guardian or competent person (as defined by POPIA).
- Sharing of Personal Information
5.2. We will ensure that your Personal Information is processed in a lawful manner and that the third parties or we do not infringe your privacy rights. In the event that we ever outsource the processing of your Personal Information to a third party operator, we will ensure that the operator processes and protects your Personal Information using reasonable technical and organisational measures that are equal to or better than ours.
5.3. We may also disclose your Personal Information to third parties if we are under a duty to disclose or share such information in order to comply with any legal obligation or to protect the rights, property or safety of Testaro, its customers and others.
International Transfer of Personal Information
6.1. We will not ordinarily transfer any Personal Information collected from you outside the borders of South Africa.
6.2. In the event that we transfer or store your Personal Information outside South Africa, we will take all steps reasonably necessary to ensure that the third party who receives your Personal Information is subject to a law or binding agreement which provides an adequate level of protection.
- Data Security
7.1. We have implemented appropriate technical and organisational security measures to protect your Personal Information that is in our possession against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, in accordance with applicable law.
- Payment Security
8.1. The payment pages that Testaro will use are hosted in a PCI-DSS secure DMZ. It is protected as prescribed by the PCI-DSS standards version 2.
8.2. The transport of all data is encrypted by a SSL Thawte certificate which creates a secure https:// link between the cardholder and the payment pages.
8.3. Any credit card would be asked for 3D secure enrolment if not already enrolled with the issuer to process transactions with authentication from the cardholder issuing bank.
8.4. No card entry would be possible on the Testaro web shopping cart as all card traffic will be securely posted to the payment pages.
8.5. No credit card data will be stored.
8.6. No unauthorized access to the payment pages site will be permitted. Only Testaro as a known entity will be allowed to direct encrypted payloads to the payment pages.
- Data Retention
9.1. We will retain your personal information for as long as is necessary to fulfil the purpose for which it was collected unless a longer retention period is required to comply with legal obligations or another legitimate obligation, unless we have your consent to process it indefinitely.
- Data Accuracy
10.1. The Personal Information provided to us should be accurate, complete and up-to-date. Should Personal Information change, the onus is on the provider of such data to notify us of the change and provide us with the accurate data.
- Data Minimisation
11.1. We will restrict its processing of Personal Information to data which is sufficient for the fulfilment of the primary purpose and applicable legitimate purpose for which it was collected.
12.1. You have the right to have your personal information processed lawfully. Your rights include the right:
12.1.1. to be notified that your Personal Information is being collected or that your Personal Information has been accessed or acquired by an unauthorised person e.g. where a hacker may have compromised our computer system;
12.1.2. to find out whether we hold your Personal Information and to request access to your Personal Information;
12.1.3. to request us, where necessary, to correct, destroy or delete your Personal Information;
12.1.4. to object, on reasonable grounds, to the processing of your Personal Information;
12.1.5. to object to the processing of your Personal Information for purposes of direct marketing, including by way of unsolicited communications;
12.1.6. not to be subject, in certain circumstances, to a decision which is based solely on the automated processing of your Personal Information;
12.1.7. to submit a complaint to the Regulator if you believe that there has been interference with the protection of your Personal Information; and
12.1.8. to institute civil proceedings against us if you believe that we have interfered with the protection of your Personal Information.
- Direct Marketing
13.1. We may process Personal Information for the purpose of direct marketing and providing you with information that may be of interest to you. We will only send you direct marketing materials if you have specifically opted-in to receive these materials, or if you are a customer of ours, at all times in accordance with applicable laws
13.2. You may unsubscribe at any time.
13.3. If you opt-out of receiving marketing-related communications from us, we may still send you administrative messages which are necessary as part of services
- Contact Details of the Information Regulator and Queries
14.1. You may contact our Information Officer at: firstname.lastname@example.org
14.2. You may contact the Information Regulator at:
14.2.1. Information Regulator
Tel: 010 023 2304