Our POPIA commitment

GLP-1 Weight Loss processes personal information in accordance with the Protection of Personal Information Act (POPIA), South Africa's primary data protection legislation. We treat your medical and personal information with the level of care that the law requires and that the trust of a doctor-patient relationship demands.

What constitutes personal information

POPIA covers any information that identifies you as a person, including name, contact details, medical history, biometric data, payment details, and demographic information. Medical information is classified as special personal information under POPIA and is subject to stricter protections.

Our information officer

In accordance with POPIA, we have designated an Information Officer responsible for compliance with the Act and for handling requests related to personal information. The Information Officer can be contacted at:

  • Email: info@glp1weightloss.co.za
  • Post: Information Officer, GLP-1 Weight Loss, 2 Ncondo Place, Umhlanga, South Africa

The eight POPIA conditions

POPIA establishes eight conditions for the lawful processing of personal information. We comply with each as follows:

1. Accountability

We take responsibility for ensuring compliance with POPIA throughout our operations. Our staff are trained on POPIA requirements, and our systems are designed with privacy by default.

2. Processing limitation

We only collect information that is necessary for the purposes of providing the medical service. We minimise the data we collect to what is required for clinical care, payment, and legal compliance.

3. Purpose specification

We collect information for specified, explicit, and lawful purposes. The full purposes for which we process your information are set out in our Privacy Policy.

4. Further processing limitation

We do not use your information for purposes incompatible with those for which it was collected. We do not sell your data, share it with marketing partners, or use it for unrelated commercial purposes.

5. Information quality

We take reasonable steps to ensure your information is accurate, complete, and up to date. You can request corrections at any time.

6. Openness

We are transparent about what information we collect and how we use it. Our Privacy Policy provides full details, and our staff can answer specific questions about your information.

7. Security safeguards

We implement appropriate technical and organisational security measures, including encryption in transit and at rest, restricted staff access, two-factor authentication, and regular security audits. Medical information is held on infrastructure designed for healthcare data.

8. Data subject participation

You have the right to access, correct, delete, and object to the processing of your information. Requests are handled by our Information Officer.

Your rights under POPIA

  • Right to access: Request a copy of the personal information we hold about you.
  • Right to correction: Request that we correct inaccurate or incomplete information.
  • Right to deletion: Request that we delete your information, subject to legal retention requirements for medical records.
  • Right to object: Object to the processing of your information for certain purposes, including direct marketing.
  • Right to withdraw consent: Withdraw consent for marketing communications at any time.
  • Right to complain: Lodge a complaint with the Information Regulator if you believe your rights have been violated.

Processing of special personal information

Medical and health information is classified as special personal information under POPIA. We process this information under the exception provided in section 32 of the Act, which permits processing of health-related information by medical professionals for the purposes of providing medical care.

This information is treated with additional protections, including restricted access to only the clinical staff involved in your care, encryption at all times, and retention only for the periods required by HPCSA regulations.

International data transfers

Your information is stored on infrastructure located in South Africa. We do not transfer personal information outside South Africa except where necessary for the operation of the service, in which case the recipient must provide adequate protection equivalent to POPIA.

Data breaches

In the unlikely event of a security incident affecting your personal information, we will notify both the Information Regulator and affected individuals as required by POPIA, typically within 72 hours of becoming aware of the breach.

Contacting the Information Regulator

If you are not satisfied with how we have handled your information, you have the right to lodge a complaint with the Information Regulator of South Africa: