Privacy Policy

Last updated: 15 March 2026 · POPIA compliant

🔒 ELMED is committed to protecting your personal information in accordance with the Protection of Personal Information Act (POPIA), Act 4 of 2013.

1. Who We Are (Responsible Party)

ELMED (Pty) Ltd is the responsible party for personal information processed through this platform. Contact our Information Officer at privacy@elmed.healthcare.

2. Information We Collect

  • Identity information: name, ID number, date of birth
  • Contact information: email address, phone number, physical address
  • Health information: medical history, diagnoses, prescriptions, lab results, vitals, classified as Special Personal Information under POPIA
  • Financial information: banking details (for provider payouts), payment method tokens (stored by payment processors, never by ELMED)
  • Usage data: IP addresses, session data, audit logs for security and compliance
  • Medical aid information: scheme name, membership number, plan details

3. Why We Process Your Information

  • To facilitate healthcare consultations, prescriptions, and referrals
  • To process payments and manage medical aid claims
  • To send appointment reminders and health notifications (with your consent)
  • To comply with legal obligations (HPCSA, SAPC, NDoH regulations)
  • To detect and prevent fraud and platform abuse
  • To improve platform features and user experience

4. Special Personal Information (Health Data)

Health information is Special Personal Information under POPIA. We only process it with your explicit consent and only share it with: your chosen healthcare providers, your medical aid scheme (for claims), and as required by law (e.g. notifiable conditions reporting to the NDoH).

5. Who We Share Your Information With

  • Healthcare providers you consult: doctors, pharmacies, labs, specialists on the platform
  • Medical aid schemes: only for claim processing, with your authorisation
  • Payment processors: PayFast and Yoco process payments under their own privacy policies
  • Email service providers: for transactional notifications only
  • We do not sell your personal information to any third party, ever.

6. Data Security

We implement technical and organisational measures including: encrypted connections (HTTPS/TLS), hashed passwords, session-based authentication, role-based access controls, comprehensive audit logging, and regular security monitoring. Health records are only accessible to authorised providers.

7. Data Retention

We retain patient health records for a minimum of 5 years as required by the National Health Act. Audit logs are retained for 3 years. You may request deletion of your account and non-health data at any time via our POPIA portal.

8. Your Rights Under POPIA

  • Access: request a copy of your personal information
  • Correction: request correction of inaccurate information
  • Deletion: request deletion of your data (subject to legal retention requirements)
  • Objection: object to processing for direct marketing
  • Complaint: lodge a complaint with the Information Regulator at inforeg@justice.gov.za

Submit POPIA requests from your patient portal under Settings → POPIA & Privacy, or email privacy@elmed.healthcare.

9. Cookies

We use only strictly necessary session cookies for authentication. We do not use advertising cookies or third-party tracking.

10. Changes to This Policy

We will notify registered users by email of any material changes to this policy. Continued use of the platform after notification constitutes acceptance.