KeyHealth Privacy Policy
KeyHealth is committed to protecting the confidentiality and privacy of the personal information it processes. This Privacy Notice explains how we process and protect your personal information.
We are KeyHealth Medical Scheme (“KeyHealth”, “we” or “us”), a not for profit open Medical Scheme registered in terms of the Medical Schemes Act, 131 of 1998, as amended, with registration number 1087/CMS. Our offices are situated at 86 Koranna Avenue, Doringkloof, Centurion 0157.
This Privacy Notice applies to all persons (both natural and juristic) that KeyHealth collects and processes personal information about, including but not limited to website users, Scheme members and their dependants, brokers, healthcare service providers, suppliers, service providers, employees, consultants, job candidates and other third parties (“you”).
As a South African registered entity, all our data processing activities are primarily regulated by the Protection of Personal Information Act, No. 4 of 2013 (“POPIA”), as amended from time to time. For the purposes of this Privacy Notice, the terms “personal information” and “process”, are as defined in POPIA.
In relation to our members and their dependants, the official Scheme Rules of KeyHealth will apply if there is any conflict between the Scheme Rules and a provision of this Privacy Notice.
POPIA defines personal information as information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to:
- information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
- information relating to the education or the medical, financial, criminal or employment history of the person;
- any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
- the biometric information of the person;
- the personal opinions, views or preferences of the person;
- correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
- the views or opinions of another individual about the person; and
- the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.
While using our website or engaging with us for the provision of any of our services, you may be required to provide us with your personal information. This may happen when, for example, you use our website, complete an application form, contact us (electronically or telephonically), use one of the products, services, facilities, tools or utilities offered by KeyHealth on our website or when you contract with us.
In certain instances, you may also be required to provide us with sensitive information that is classified by POPIA as special personal information. The collection of this information from you, when required, will be necessary in order to provide you with our services.
Given the nature of the services we provide, we are also required to collect and process the personal information of children, for example where the child is a dependant of one of our members.
Some of the personal information that we may collect from you, could include (but is not limited to):
- Identification details such as name, surname, ID/Passport Number;
- Contact details, such as phone numbers, email addresses, physical and postal addresses;
- Personal details, such as names, family information, ages and next of kin details;
- Demographical details, such as race, and age groups;
- Information you (and/or your dependants) use to register on the website or to complete an application form;
- Health information and other special personal information, regarding your medical treatment (historic and current);
- Children’s personal information, in relation to children (under the age of 18) who are dependants under a medical scheme contract or application form;
- Biometric information;
- Financial information, such as banking information and account numbers;
- Credit information;
- Background information;
- In relation to job applicants, qualification information, CV and other personal information that may be requested throughout the recruitment process to assess and consider the job application;
- In relation to healthcare service providers, professional body registration information and practice information, and other information relevant and required for the assessment, verification, processing and payment of claims;
- When visiting our website, “cookies” or anonymised data relating to (where applicable) your location, browser type, browser version, the pages of our website that you visit, the date and time of your visit, the duration of time spent on the website pages and other applicable statistics are recorded by Google Analytics to analyse user behaviour on our website. No personally identifiable information is collected through these cookies at any point. For more information about how our website uses cookies, please refer to our website Terms of Use;
- When you use one of our webforms on our website, personal information may be requested and once submitted will be stored in the database of our website.
Generally, we collect your personal information directly from you as far as reasonably possible.
In certain circumstances, we may also collect your personal information from other sources, such as (but not limited to) your employer (if you are part of an employer group), your broker, your healthcare service provider, or a member (where the member provides personal information on behalf of his/her dependants). Where you share your personal information with any third party to submit the information on your behalf (for example your broker, employer, healthcare service provider) or for any other reason, we will not be responsible for any loss suffered by you or that third party in relation to how that third party processes your personal information.
Where you are a member or prospective member of KeyHealth and you include your dependants on your application, you and the dependants that you have submitted the information on behalf of understand that we will process their personal information to activate their membership with us and to provide the services that you have contracted us to provide. You confirm that you are duly authorised to share such information with us.
Generally, the collection of personal information from you and the other sources referred to above is mandatory in order to achieve the purposes that we are collecting it for (as set out below). We will notify you where the collection of certain personal information is voluntary and not mandatory. The refusal to provide us with the mandatory personal information that we may require may have an impact on our ability to provide you with our products or services.
We may collect, use, share and/or generally process your personal information (including your special personal information, where applicable) for the following purposes:
- To provide you with our products and/or services;
- To conclude or perform a contract with you, or to take any steps linked to or necessary for the conclusion or performance of a contract with you;
- To process and assess your membership application and you and your dependants’ eligibility for membership, including to verify the accuracy, correctness or completeness of any information provided to us or our appointed Medical Scheme Administrator while processing a membership application or providing services related to your membership;
- For the administration of your membership, health plan and benefits;
- To process you and/or your dependants’ instructions or requests;
- To provide, or manage the provision of, managed care services to you (where applicable);
- To communicate relevant personal information to healthcare service providers to enable you or your dependants to access benefits in terms of our Scheme Rules;
- To assess and make payment of claims;
- To comply with all legislative and legal requirements placed on us, which may include, but not be limited to, legislative reporting and document retention periods and where the law requires that information be notified to third parties (such as government institutions);
- Where applicable, for general marketing and communication purposes, where you are an existing member of KeyHealth or where we have received your consent to receive these communications, and in compliance with the provisions of POPIA. You will be given the opportunity to unsubscribe from any marketing communications, general communications and/or newsletters at any time, and with each communication received;
- To improve our services, meet your needs and manage our relationship with you, for example by asking for your feedback on the services you received from us or through the completion of a customer service satisfaction survey or through research and statistical analyses of aggregated member information;
- To perform general administrative, operational, management and performance functions and activities relating to the operation and running of our business and of our website, and for the purposes of managing our legal and operational affairs;
- To collect contributions and other money owed to us;
- For credit checking or credit reporting purposes (through a credit bureau), in order to assist KeyHealth’s decision to provide services to you or to report on any slow or non-payment of your accounts with KeyHealth to any third party;
- Where necessary, for any purposes which are in our, your, or a third party’s legitimate interest;
- For any purposes which are required or authorised by law;
- To respond to requests by government, a court of law, or law enforcement authorities conducting an investigation;
- For the purposes of underwriting and risk profiling, assessment and management;
- For statistical, analytical, research and historical purposes;
- For reporting to authorised persons and authorities, for example, the Board of Trustees and the Council for Medical Schemes;
- Where you are applying for a vacancy, to process your application throughout our recruitment process;
- For the purposes of investigating and reporting suspicious behaviour or fraudulent conduct to appropriate persons and bodies;
- In relation to the use of our website, to identify, investigate and attend to any technical issues, support and user queries;
- For systems testing, maintenance and development;
- To detect, prevent or deal with any actual or alleged fraud, security breach, or the abuse, misuse or unauthorised use of the website and/or contravention of this Privacy Notice;
- For any other lawful purpose which directly relates to your membership, or which is authorised in terms of the law or our Scheme Rules.
We will not use your personal information for commercial purposes. We may however collect, use, share and/or generally process information or data that has been de-identified and/or aggregated, for example, statistical or demographic data, for any purpose. Aggregated or de-identified data is not considered personal information in terms of POPIA, as this information is de-identified and does not, directly or indirectly, reveal your identity.
We value and respect the confidentiality and privacy of the personal information that you entrust us with. We are not in the business of selling your personal information and we will not share or disclose your personal information to anyone except as provided in this Privacy Notice and/or any contracts or terms and conditions of service concluded with us.
By using our website and/or engaging with us for the provision of services, you acknowledge and agree that we may share your personal information (including, where applicable your special personal information) in the following instances:
- If it is necessary in order to provide you with a service that you have requested or contracted us to provide or source on your behalf;
- If it is in your legitimate interest;
- If it is necessary for the proper performance of a public law duty by a public body;
- If it is required or authorised by law;
- If you have provided us with your consent;
- With our contracted Medical Scheme Administrator, for the purposes of managing and administering your membership and benefits with the Scheme, and for the processing of your claims with us;
- With our employees, who may require that information to perform their functions and duties;
- With your healthcare service providers to enable you or your dependants to access benefits in terms of our Scheme Rules;
- With your broker, should your broker request personal information about you and your dependants. In these instances, we will only provide information that enables the relevant broker to provide you with sound advice, such as your option type and your contact details. We will not share any information about your or your dependants’ medical conditions with the relevant broker unless you and/or your dependants have given express permission to do so;
- Where you are a dependant, with the principal member, to ensure the efficient administration of your membership and benefits. This will include your health information, where relevant;
- Where you and your dependants are a member of an employer group, membership information may be shared with the employer. This will be limited to information that is relevant to you and/or your dependants’ application or information that is required for the ongoing servicing of your membership, but will not include any health information unless you and/or your dependants have given us permission to do so;
- With our contracted service providers (including our suppliers, subcontractors, partners, agents, auditors, insurance and risk advisors and our professional advisors), in order to provide you with our services, for reporting purposes or generally as required for the administration and management of our business. In these instances, we will ensure that the necessary security safeguards and confidentiality undertakings are in place to secure your personal information. We will only allow third parties to process your personal information for a specific purpose, in accordance with our instructions and in accordance with the requirements of POPIA and any other applicable data privacy laws;
- With credit rating agencies, including personal information about any judgment or default history, should there be any default on payment to us;
- With regulators and government authorities in connection with our compliance procedures and legal obligations;
- With a purchaser or prospective purchaser of all or part of our assets or our business or the shares/interest in our Scheme, and their professional advisers, in connection with the purchase;
- With a third party, in order to enforce or defend our rights, or to address financial or reputational risks.
Securing the personal information you give us, or that we receive about you, is a priority for KeyHealth.
We take appropriate and reasonable technical and organisational security measures to protect the personal information that we process from destruction and unauthorised access, in accordance with the requirements of POPIA.
We will not retain your personal information longer than necessary. We will retain the personal information you provide to us or that we receive about you for as long as is needed to achieve the purpose that it was collected for, or for an extended period of time, even after the personal information is no longer needed to achieve the purpose that it was collected for, if the retention of your personal information records is:
- required by law or any code of conduct;
- required to meet regulatory requirements;
- needed for evidentiary purposes, to resolve disputes, to prevent or investigate fraud and abuse, or to enforce any contract concluded with you;
- reasonably required for lawful purposes that are related to KeyHealth’s function, operations or activities;
- determined necessary in accordance with our internal document retention and destruction policies;
- required for historical, research or statistical purposes. In these circumstances, we will take measures to de-identify this personal information as far as reasonably possible.
Where applicable, personal information that has been included in our customer database and that is used for marketing and communication purposes will be retained by us. When you request to unsubscribe from these communications, your contact information contained in our customer communication database will be placed into an unsubscribe list, to enable us to manage and honour your unsubscribe request. Should you require us to delete your information completely from our customer communication database, you understand that we will no longer be able to manage your unsubscribe request (as we will no longer have a record of your unsubscribe request available in our database).
Any direct marketing done by KeyHealth will be done in compliance with the provisions of POPIA and the Consumer Protection Act, 2008. You will be given the opportunity to unsubscribe from any marketing communications, general communications and/or newsletters at any time, and with each communication received.
To ensure that we maintain the quality of our service offering, and to improve our services, meet your needs and manage our relationship with you, we may ask members and their dependants to complete a customer service satisfaction survey or other surveys relevant to our services.
Given the nature of our business, we may store both hard copy and electronic records containing personal information.
Hard copy personal information records may be stored at our facilities or premises, or when archived, at a third-party document retention service provider for the duration of the applicable document retention period. We will take reasonable and appropriate measures to ensure that the storage or retention of hard copy personal information records by third-party service providers is done in compliance with POPIA.
Electronic personal information records may be stored on KeyHealth’s servers and/or on third-party servers, including servers used for cloud-based software and applications used by KeyHealth for the purposes of providing you with our products and/or services and for the administration and management of our business.
While KeyHealth endeavours, as far as reasonably possible, to store your personal information locally in South Africa, we may be required to transfer to and/or store your personal information on servers located outside of South Africa. KeyHealth may also have third-party service providers that are located outside of South Africa, which may result in your personal information being transferred and processed outside of South Africa. Given the nature of KeyHealth’s business, some of this personal information may be health information or other categories of special personal information, and some of this information may include the personal information of children.
KeyHealth will take reasonable and appropriate measures to ensure that any personal information, special personal information or children’s information that is transferred outside of the borders of South Africa is transferred in compliance with the requirements of POPIA and that an adequate level of privacy protection is in place between us and these third-party service providers.
Due to the nature of KeyHealth’s business as a Medical Scheme, it is required to collect and process special personal information and children’s personal information in order to manage and administer your membership, health plan and benefits, assess and process claims and for the other purposes as set out in paragraph 7 of this Privacy Notice (The purposes that we may use personal information for).
All collection and processing of special personal information and children’s personal information by KeyHealth will be done in compliance with the provisions of POPIA.
As a data subject, POPIA provides you with a number of rights in relation to how your personal information is used and processed. In terms of POPIA, you are entitled, in the prescribed manner and form, to:
- request a copy of the personal information that we hold about you (subject to and in accordance with the provisions of the Promotion of Access to Information Act);
- update the personal information you have given to us, in the event that the personal information is inaccurate or outdated;
- request the correction, destruction or deletion of personal information we hold about you (where legally permissible and subject to our right not to correct or delete the personal information record in certain circumstances);
- object to your personal information being processed by us (on reasonable and lawful grounds), in instances where you have a legitimate reason to believe that we are not processing your personal information in accordance with the provisions of POPIA, and provided that we are not required to process your personal information by law; and
- object to any processing of your personal information for the purpose of direct marketing by electronic communication, in the prescribed manner and form, or to unsubscribe from receiving any marketing or communication emails received from us by clicking the “unsubscribe” link at the bottom of any email.
We will make commercially reasonable efforts to provide you with reasonable access to any of your personal or other account information that we process and/or retain. In certain circumstances, such as when we are required to retain or withhold the disclosure of certain personal information by law, we may not be able to provide you with access to all your personal information or we may not be able to change, rectify or delete your personal information at your request. In these circumstances, we will provide you with reasons as to why your request cannot be complied with.
Members can update or correct any of the personal information held by us by contacting us either by email or phoning our Client Services Department. A copy of you and/or your dependants’ personal information held by the Scheme can also be requested by contacting our Client Services Department.
In certain circumstances, access to your or a third party’s records will only be made available in accordance with the Promotion of Access to Information Act, 2 of 2002.
If you have a complaint about how we are processing your personal information, or if you wish to object to us processing your personal information or request the correction, deletion or destruction of any of the personal information records we hold about you, please contact our Information Officer at POPIqueries@keymed.com, in the first instance, so that we can resolve the complaint or attend to your request.
All requests need to be submitted on the prescribed forms, as set out in the POPIA Regulations.
All requests for access to personal information records must be done on the form prescribed in terms of PAIA.
The prescribed form for reporting complaints regarding the use or processing of your personal information by us, must be addressed on Form 1.
The prescribed form for requesting the correction, deletion or destruction of your personal information records by us, must be addressed on Form 2. You acknowledge that in some instances KeyHealth may not be able to comply with your request to correct or delete your personal information, where this request conflicts with any applicable laws.
In terms of POPIA, you are also entitled to direct a complaint to the Office of the Information Regulator, South Africa, if you feel that your complaint has not been adequately addressed directly with us. Complaints to be addressed to the Information Regulator must be completed in the prescribed manner and form (on prescribed Form 5 Part II, as set out in the POPIA Regulations).
The Office of the Information Regulator may be contacted at inforeg@justice.gov.za (general enquiries) or POPIAComplaints.IR@justice.gov.za (complaints).
Their website is: http://www.justice.gov.za/inforeg/.
Changes may need to be made to this Privacy Notice, from time to time. We will endeavour to only make changes to this Privacy Notice where they are material, necessary and/or required as a result of legislative or regulatory changes or guidance, or any code of conduct published that may be relevant to the industry in which our business operates.
Any changes made to this Privacy Notice will be posted through an updated Privacy Notice that is loaded onto this website page. Please check this page to keep informed of any updated or revised Privacy Notice that may be posted.
This Privacy Notice is governed by the laws of the Republic of South Africa, and you hereby consent to the jurisdiction of the South African courts in respect of any dispute which may arise out of or in connection with the formation, interpretation, substance or application of this Privacy Notice.