Privacy policy

1. Introduction

Travel Doctor Corporate (“we”, “our” or “us”) is committed to protecting your personal information and your constitutional right to privacy. This Privacy Policy explains how we collect, use, share, and protect your personal and medical information in compliance with the Protection of Personal

Information Act, 4 of 2013 (“POPIA”). This policy applies to all patients, website visitors, and other individuals whose personal information we may process.

2. Scope of this Privacy Policy

This Privacy Policy covers our website, products, services, and routine business operations, as well as third-party services or websites used in connection with or supporting our website, products, services, or business operations (collectively referred to as “Travel Doctor Services”). Travel Doctor Services include any platforms requiring users to log in, and any other online services provided by us. Travel Doctor Services also encompass all associated software, data, information, documentation, or materials provided to Users by us in relation to or through our services.

We may collect data, including Personal Data, provided by Users directly to us or through our services, as well as information gathered about Users, except as otherwise described in this Privacy Policy (collectively referred to as “User Data”). Such collection may include, but is not limited to, Users inputting or uploading information into our services, information provided to us or our services by or through third-party providers or services, accessing or interacting with our services, completing forms on or through our services, and downloading software, documents, or other resources from or through our services. Additionally, we may collect information from third parties, including publicly available data from third-party websites.

User Data includes information automatically collected when visiting or otherwise accessing Travel Doctor Services that qualifies as Personal Data (“Visitor Data”). Visitor Data specifically includes a User’s IP address, the date and time of the visit, the User’s browser and device information, details contained in cookies and tracking technologies (“cookies”), the parts of Travel Doctor Services the User accessed or visited, internet traffic information, and data obtained from third parties, but only to the extent that such information constitutes Personal Data.

3. Information We Collect

We collect and process the following types of personal information:

General Personal Information:

  • Full name, ID/passport number
  • Contact details (email, phone, address)
  • Employer and travel information (where applicable)

Special Personal Information (as defined under POPIA):

  • Medical history and conditions
  • Vaccination records
  • Consultation notes and diagnostic information
  • Laboratory test results and reports

This information may be collected:

  • Directly from you during consultations or registration
  • From medical practitioners, laboratories, or referring employers Through forms, calls, email, or our websites

Furthermore, we may collect User Data, including Personal Data, as part of our routine business operations, including interactions with Users. These operations include managing business relationships, providing customer support, processing billing, conducting marketing activities, managing contracts and events, and corresponding with Users via phone, email, or other communication methods. Such information may include company name, contact details of company employees and agents, financial and payment information, purchase orders, licensing agreements, support tickets and customer support documentation, usage data related to Travel Doctor Services, and information about Users’ administrators and end-users, which may include Personal Data.

4.Purpose of Collection

We process your personal information for the following purposes:

  1. To provide clinical care, assessments, and medical services
  2. To meet legal, clinical, and occupational health requirements
  3. For scheduling, billing, and medical aid or employer reimbursements
  4. For health recordkeeping, quality assurance and marketing
  5. To contact you regarding appointments or results
  6. For health analytics (in de-identified format where possible)
  7. To comply with applicable health and safety laws

5. Consent and Lawful Basis

We process personal information on one or more of the following legal bases:

  1. Your consent, obtained during onboarding or consultations
  2. Legal obligations imposed by healthcare and data laws
  3. Contractual necessity, where services are rendered
  4. Legitimate interests, such as quality improvement and patient safety

6. Sharing of Information

We respect the confidentiality of your personal and medical information. We only share it:

  1. With medical professionals involved in your care
  2. With third-party laboratories or specialists (when necessary)`
  3. With your employer or referring party (if agreed)
  4. With service providers (e.g., secure cloud hosting) under data protection agreements
  5. As required by law or with your explicit consent

We do not sell personal data.

7. Cross-Border Data Transfers

Some of our systems or service providers may store data outside of South Africa. In these cases, we ensure that appropriate safeguards are in place and that the level of protection is equivalent to that required under POPIA.

8. Voluntary vs. Mandatory Information

  1. Some information is mandatory for legal or clinical purposes.
  2. Failure to provide mandatory information may affect our ability to treat you.
  3. Voluntary fields will be marked and explained during collection.

9. Security of Your Information

We implement appropriate physical, technical, and administrative safeguards to:

  1. Protect against unauthorized access or disclosure
  2. Ensure accuracy and integrity of medical and personal data
  3. Secure electronic and paper records

If a data breach occurs, we will notify you and the Information Regulator where legally required.

10. Retention of Information

We retain personal and health records as required by law and for as long as necessary for medical, legal, or regulatory purposes. After this period, data is safely destroyed or anonymised.

11. Your Rights

Under POPIA, you have the right to:

  1. Request access to your personal data
  2. Correct or update inaccurate information
  3. Object to certain types of processing
  4. Withdraw consent (where applicable)
  5. Lodge a complaint with the Information Regulator

To exercise your rights, contact us at popi@traveldoccorp.com.

12. Information Regulator – Contact Details

Information Regulator (South Africa)

Address: Woodmead North Office Park, 54 Maxwell Drive, Johannesburg

Email: enquiries@inforegulator.org.za

Website: www.inforegulator.org.za

Phone: +27 10 023 5200

13. Changes to this Policy

We may update this Privacy Policy periodically. The updated version will be made available on our website. We encourage you to review this notice regularly.