dashes
UMVUZO HEALTH MEDICAL SCHEME

POPIA Privacy Policy

Please read this Privacy Policy carefully to understand how your personal information will be handled by Umvuzo Health Medical Scheme. Every term of this Policy is material.

1. ABOUT UMVUZO HEALTH MEDICAL SCHEME

Umvuzo Health Medical Scheme (“Umvuzo Health” / ”the Scheme”), a registered restricted membership medical scheme in terms of the Medical Schemes Act 131 of 1998, offers medical scheme benefits to the employer group and their respective employees in the mining, food, steel and retail sectors. Umvuzo Health is a self-administered medical scheme, supported by various contracted service providers. The Scheme is subject to the authority of the Council for Medical Schemes. The Scheme is governed by a Board of Trustees, which has a statutory duty to keep beneficiary information confidential.

Our contact details:
Address: Building D, Alenti Office Park, 457 Witherite Road, The Willows,0040
E-mail: compliance@umvuzohealth.co.za
Telephone: +27 (0) 12 8450000
Website: www.umvuzohealth.co.za

2. INFORMATION OFFICER

Our Information Officer’s contact details:
Name: Mr. HB van Zyl
E-mail: hugovz@umvuzohealth.co.za
Telephone: +27 (0) 12 8450000

3. EXPLANATION OF TERMS USED

The following terms have the meanings assigned to them in this Privacy Policy unless the context requires otherwise:

    1. “Umvuzo Health” refers to the Umvuzo Health Medical Scheme, registered with the Council for Medical Schemes.
    2. “Board” refers to the Board of Trustees of the Scheme.
    3. “Beneficiary” means a member and/or dependant of a member.
    4. “Data subject” has the meaning assigned to it in POPIA and refers to the person to whom the personal information relates and includes both natural and juristic persons.
    5. “Dependant” means a dependant of a member admitted as such in terms of Rules of the Scheme.
    6. “Member” refers to a natural person who has been admitted as a principal member of the Scheme in terms of the Rules and “membership” has a corresponding meaning.
    7. “Officer” refers to a member of the Board, any Committee of the Scheme, the Principal Officer, and any employee of the Scheme.
    8. “PAIA Manual” refers to the Manual compiled by the Scheme in terms of section 51 of the Promotion of Access to Information Act (Act 2 of 2000).
    9. “Personal information” has the meaning assigned to it in POPIA and refers to information relating to living human beings and existing juristic persons. It includes information such as race, gender, age, medical information, identity number, contact details and confidential correspondence and “information” has a corresponding meaning.
    10. “POPIA” means the Protection of Personal Information Act (Act 4 of 2013) and the Regulations issued in terms thereof.
    11. “Principal Officer” means the Principal Officer of Umvuzo Health.
    12. “Processing” has the meaning assigned to it in POPIA and refers to any operation or activity concerning personal information, such as the collection, receipt, recording, storage, updating, alteration, use, distribution, erasure or destruction of the information and “process” has a corresponding meaning.
    13. “Rules” means the registered Rules of the Scheme.
    14. “The Scheme” refers to the Umvuzo Health Medical Scheme.
    15. “We” / “us” refers to Umvuzo Health.
    16. “Website” means http://www.umvuzohealth.co.za
    17. “You” / “your” refers to the data subject whose personal information is processed by the Scheme.

4. APPLICATION OF THE PRIVACY POLICY

This Privacy Policy applies to personal information that we have in our possession or under our control and personal information that we collect or receive from or about you. It stipulates, amongst others, how we collect the information, the type of information collected, why that information is collected, the circumstances under which that information will be shared with others, the security measures that we have implemented to protect the information and how you may obtain access to and correct your information.

5. OUR COMMITMENT

We understand that your personal information is important to you. Your privacy and the security of your information are just as important to us and we want to make sure you understand how your information will be processed. We are committed to conducting our business in accordance with the law. We will, therefore, only process, which includes collect, use, store or disclose, your personal information in accordance with the law or otherwise with your consent and will always strive to keep your information confidential. We take this commitment to look after your personal information seriously. We have implemented several processes to make sure that your personal information is used in the right way. We only collect personal information that is necessary and use it for the purposes specified in this Privacy Policy unless you are advised otherwise. We do not keep personal information longer than needed for lawful purposes. We only share your personal information as specified in this Privacy Policy and/or permitted in terms of the law or otherwise as agreed with you.

6. WHEN YOU PROVIDE PERSONAL INFORMATION ABOUT ANOTHER INDIVIDUAL / ENTITY

You must make sure that if you provide personal information about any individual or entity to us, you may lawfully do so (e.g., with their consent). We will accept that you are acting lawfully. You should make sure that they are familiar with this Privacy Policy and understand how we will use and disclose their information.

7. COLLECTION OF YOUR PERSONAL INFORMATION

We collect personal information directly from you when you become a member, a dependant or an employee of the Scheme and when you submit information on the website or the Scheme App or otherwise to the Scheme. Information may also be collected from other sources, depending on the circumstances, when it is, for example, not possible to obtain the information directly from you, or you make information publicly available. Healthcare provider information is, amongst others, collected from claims submitted in respect of goods and services provided to beneficiaries. Telephone calls with external callers and virtual meetings are recorded. The information that we collect is necessary to provide membership services, manage the Scheme and comply with the Rules, the Medical Schemes Act and other laws. When you use our website and/or Scheme App, you must familiarise yourself with the terms and conditions applicable to your use of those platforms.

8. PROCESSING OF YOUR PERSONAL INFORMATION

There are various laws that permit the processing of personal information such as POPIA. Employment laws permit the processing of employees’ information. We generally process the personal information listed below, if applicable in the circumstances, and retain it as part of our records. Other personal information may be collected and processed if it is required in the circumstances.

Beneficiaries

  • Names, surnames, addresses and contact details;
  • Identity numbers, dates of birth and age, gender;
  • Dependants’ details;
  • Employment details;
  • Income and bank details;
  • Health information, including pre-existing conditions, diagnoses and treatment;
  • Previous medical scheme cover;
  • Details of treating providers;
  • Membership contributions and payment-related information;
  • Authorisation requests, claims, funding decisions, benefit allocation and benefit utilisation;
  • Dependant status, waiting periods and late joiner penalties;
  • Information related to complaints and disputes;
  • Telephone call recordings; and
  • Correspondence.

Trustees, Committee Members and Nominees

  • Full names and surnames, titles, identity numbers, age, addresses; contact details, nationalities, gender, qualifications, vetting reports, photos, other information included on nomination forms, curriculum vitae (“CVs”) and declarations of interests;
  • Signatures of official signatories and proof of residence, if required by the bank;
  • Bank details;
  • Position held at the Scheme;
  • Recording of virtual meetings, records of meeting attendance, information included in minutes of meetings and participation in business-related matters / events on behalf of the Scheme;
  • COVID-19 screening information, if applicable; and
  • Correspondence.

Employees and Job Applicants

  • Full names and surnames, titles, identity numbers, age, contact details, positions or roles at the Scheme, nationalities, gender, race, qualifications, vetting reports, photos, employment history, references, next-of-kin and other information included on CVs;
  • Relevant medical and disability information, if applicable;
  • Employment-related information such as sick certificates, performance and disciplinary records, salary information, tax numbers and employment history;
  • Bank details;
  • Next-of-kin; and
  • Correspondence.

Health Care Providers

  • Full names and surnames / entity names, titles, addresses and contact details; practice code numbers, qualifications and website addresses;
  • Relevant staff member’ / contact persons’ names, surnames and contact details;
  • Bank details and bank verification letters;
  • Designated service provider (DSP) / preferred provider network status;
  • Claims, remittance advices and payment related information;
  • Utilisation of scheme benefits; and
  • Correspondence.

Suppliers, Vendors, Other Persons and Public and Private Bodies

  • Entity names, addresses, contact details and website addresses;
  • Names, surnames, titles, contact details and positions of contact persons;
  • Names, surnames, titles and contact details of employees’ next-of-kin;
  • Qualifications, licences, accreditation and performance;
  • Proposals, agreements and related information;
  • Payment information including banking details and VAT Numbers;
  • Official documentation, such as newsletters and brochures;
  • BBBEE status;
  • COVID-19 screening information of visitors to the Scheme’s offices; and
  • Correspondence.

Insurers

  • Entity names, addresses, contact details and website addresses;
  • Names, surnames, titles, contact details and positions of contact persons;
  • Claims;
  • Payment-related information;
  • Correspondence.

9. PURPOSE OF PROCESSING YOUR PERSONAL INFORMATION

We generally process your personal information for the following purposes:

  • to conduct the business of a medical scheme in terms of the Medical Schemes Act, including admission to membership, risk assessment of beneficiaries, underwriting, risk management, disease management, benefit management, the assessment and payment of beneficiary claims, the collection of contributions and debts and for managed healthcare and forensic investigation purposes;
  • for governance purposes;
  • for employment and related matters;
  • to verify provider details;
  • to comply with relevant legislation;
  • to report to persons and bodies as required and authorised in terms of the Rules, legislation or by the data subjects;
  • for the maintenance of assets;
  • for communication purposes;
  • for marketing purposes;
  • for client services;
  • for procurement;
  • for historical, statistical and research purposes;
  • for enforcement of our rights; and
  • for any other lawful purpose, which directly relates the business of a medical scheme.

10. CONSENT

If you consent to the processing of your personal information, you may withdraw your consent at any time. This does not affect the processing of personal information that has already occurred. If you withdraw your consent, your personal information will only be processed as provided for in the law.

11. OBJECTION TO PROCESSING

When we process your personal information to protect your legitimate interests or based on the legitimate interests of the Scheme or those of a third party to whom we supply the information, you may object to our processing, if it is reasonable to do so. This must occur on the form prescribed by POPIA, available from the Information Officer. This does not affect your personal information that we have already processed. If you object and we agree with your objection, your personal information will only be processed as provided for in the law.

12. LINKS TO SOCIAL NETWORKING SERVICES

We use social networking services such as WhatsApp, Facebook and LinkedIn to communicate with the public about our services. When you communicate with us through these services, the relevant social networking service may collect your personal information for its own purposes. These services have their own privacy policies, which are independent of this Privacy Policy.

13. DISCLOSURE OF YOUR PERSONAL INFORMATION

We will share only relevant personal information about you, if it is necessary and lawful in the circumstances. We will generally share your personal information with the following persons and entities in the conducting of our business:

  • Officers, employees, service providers, suppliers and vendors who assist us to provide the services and who perform functions related to our business on a need-to-know basis, subject to confidentiality undertakings where applicable;
  • Our insurers;
  • Our professional and legal advisers;
  • Our accountants and auditors;
  • Law enforcement structures, including courts and tribunals; and
  • Regulatory and other public or private bodies, persons or entities, as may be required or permitted in terms of the law, including to comply with any legal obligation or to protect the rights, property or safety of our business, the public or others.

We may also share your information with the following persons and entities:

Beneficiaries

    • Suppliers and service providers who perform functions related to the administration of our business and the provision of managed healthcare services on a need-to-know basis and subject to confidentiality undertakings;
    • Regulatory and other public or private bodies, persons or entities, as permitted in terms of the Rules, legislation, the relevant beneficiary, or as may be required or permitted in terms of the law (e.g., Council for Medical Schemes [“CMS”]);

• Banks; • South African Revenue Services (“SARS”); • Debt collectors / attorneys when contributions are outstanding;

Trustees, Committee Members and Nominees

  • Our beneficiaries; and
  • Vetting agencies.

Employees and Job Applicants

  • Our beneficiaries (depending on your job function);
  • Vetting agencies; and
  • Next-of-kin in emergency situations.

Healthcare Providers

  • Our beneficiaries;
  • Banks; and
  • SARS.

Suppliers, Vendors, Other Persons, Public and Private Bodies

  • Our beneficiaries;
  • Banks; and
  • SARS.

If you share your personal information with any third parties, we will not be responsible for any loss suffered by you or your employer (where applicable).

14. RECORD-KEEPING

We maintain records of your personal information for as long as it is necessary for lawful purposes related to the conducting of our business, including the administration of Scheme membership, to provide services to you, pay claims, comply with legal obligations, attend to complaints, disputes and litigation, perform and enforce agreements, comply with our Rules and the law, and for historical, statistical and research purposes subject to the provisions of the law.

15. INFORMATION SENT ACROSS THE BORDERS OF THE REPUBLIC OF SOUTH AFRICA

We send details of beneficiaries, who are abroad and in need of emergency treatment and care, to our international emergency service providers. Personal information may be stored on servers (‘clouds’) outside of the Republic of South Africa. We will implement mechanisms to ensure that such storage is compliant with applicable legislation. We are not planning to send any other personal information about any data subject to any other third party in a foreign country. Should this be required, relevant data subject consent will be obtained, if required, and transfers of such information will occur in accordance with the requirements of the law.

16. SECURITY OF YOUR PERSONAL INFORMATION

We are committed to ensuring the security of your personal information to protect it from unauthorised processing and access as well as loss, damage or unauthorised destruction. We have implemented and continually review and update our information protection measures to ensure the security, integrity, and confidentiality of your information in accordance with industry best practices. These measures include the physical securing of the offices where information is held; secure storage of physical records; password control to access electronic records and off-site data back-ups. In addition, only those officers, employees and service providers or suppliers that require access to your information to discharge their functions and to render services to us are granted access to your information and only if they have concluded agreements with us or provided undertakings regarding the implementation of appropriate security measures, maintaining confidentiality, and processing the information only for the agreed purposes. We will inform you and the Information Regulator, if any person has unlawfully obtained access to your personal information, subject to the provisions of the law.

17. RIGHT TO ACCESS YOUR PERSONAL INFORMATION

You have the right to request access to your personal information in our possession or under our control and information of third parties to whom we have supplied that information subject to restrictions imposed in legislation. If you wish to exercise this right, please complete the prescribed form, available from the Information Officer, and submit it to the Information Officer.

Costs may be applicable to such request, which can be obtained from the Information Officer.

Please consult our PAIA Manual for further information.

18. ACCURACY OF YOUR PERSONAL INFORMATION

It is important that we always have accurate information about you on record as it could impact on communication with you and benefit payment. You must therefore inform us as soon as any of your information has changed. You may also request us to correct or delete any information. Such a request must be made in writing on the prescribed form to the Information Officer. The form can be obtained from the Information Officer. You must provide sufficient detail to identify the information and the correction / deletion required. Information will only be corrected / deleted, if we agree that the information is incorrect or should be deleted. It may not be possible to delete all the information if we may lawfully retain it. Please contact the Information Officer to discuss how we can assist you with your request. If we correct any information and the corrected information will impact on any decision made or to be made about you, we will send the corrected information to persons to whom the information has been disclosed in the past if they should be aware of the changed information.

19. MARKETING OF PRODUCTS AND SERVICES

If you have given us consent, we may occasionally inform you, electronically or otherwise, about supplementary products and services offered by us that may be useful or beneficial to you. You may at any time withdraw your consent and opt out from receiving such information.

20. CHANGES TO THIS POLICY

We reserve the right in our sole and absolute discretion, to revise or supplement this Privacy Policy from time to time to reflect, amongst others, any changes in our business or the law. We will publish the updated Privacy Policy on our website. It will also be available at our offices. Any revised version of the Policy will be effective as of the date of posting on the website, so you should always refer back to the website for the latest version of the Policy. It is your responsibility to make sure you are satisfied with any changes before continuing to use our services.

21. ENQUIRIES AND CONCERNS

All enquiries, requests or concerns regarding this Policy or relating to the processing of your personal information by us should be addressed to the Information Officer at compliance@umvuzohealth.co.za. You may also lodge a complaint with the Information Regulator at POPIAComplaints@inforegulator.org.za should you feel that your personal information has been violated.

We would appreciate it if an affected party could give the Scheme an opportunity to consider their complaint before approaching the Information Regulator.

22. LAWS APPLICABLE TO THIS PRIVACY POLICY

This Privacy Policy is governed by the laws of the Republic of South Africa.