EFFECTIVE DATE: 1 JULY 2021

LAST UPDATE: 1 FEBRUARY 2023

This Privacy Policy (“Policy”) constitutes the formal policy of Fluorovizion Holdings (Pty) Ltd, any of its holding companies, all of its subsidiary companies from time to time, and any other entities owned and managed by one or more of the same directors (hereinafter collectively “the Group”). For the purposes of this Policy, the Group conducts business at Joules House, 804 Hammets Crossing Office Park, 2 Selbourne Road, Johannesburg North, 2188.

1. INTRODUCTION

Our Group supplies a range of reputable, internationally acclaimed medical and surgical products to medical institutions throughout South Africa and across South African borders to Namibia. We further facilitate the training of the medical professionals who use these products to ensure the highest level of safety and care. The Group is locally and globally accountable to regulatory authorities and oversight bodies applicable to the medical devices industry. As a result, we are committed to applying the highest level of ethics and compliance standards to our operations and will foster a culture of compliance throughout the workplace.

We, as a Group, respect your right to privacy and express our commitment to safeguarding and protecting your identity and your personal information, which we access and acquire through your use of our website, social media platforms and electronic mail.   

This Policy sets out the types of information we may collect or acquire through our online platforms and the Group’s practices regarding how we collect, use, store and share your personal information.  

Please read this policy carefully to understand our policies and practices concerning your information and our commitment to processing it transparently in line with the law.

This policy has been drafted to meet the requirements of the Protection of Personal Information Act 4 of 2013 (“POPIA”) and the Promotion of Access to Information Act 2 of 2000 (“PAIA”) and, to be aligned with the European Union General Data Protection Regulations: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (sometimes collectively referred to herein as “existing laws”).

2. SCOPE OF THE POLICY

This Policy applies to:

• all current and future employees; all subsidiaries, business units, departments, and third-party service providers (whether existing or future) and all other individuals directly or indirectly associated with any one or all of the entities of the Group;
• all of our online platforms regardless of who owns, hosts, or establishes them;
• all persons who make use of our online platforms; and
• all personal information processed by or on behalf of the Group through the use of our online platforms.
•  

3. INFORMATION COLLECTION

We collect personal information through our online platforms mainly for doing business, promoting products and the Group, and improving our service delivery.

The type of information collected may depend on the purpose for which it is collected, and it will only be processed for that specific purpose. Information will be collected either from you directly, or automatically as you use and navigate through our online platforms.

While some information may enable you to be personally identified, such as your name and contact details (“Personal Information”), other information that we acquire may relate to your connectivity, the device you are using and your browsing history, including your use and navigation of our website and social media platforms.

As far as possible, the Group will collect information directly from you and with your consent. However, if you provide information to us on behalf of another individual, you represent that you have the necessary authority and capacity to do so.

Our online platforms are not directed at individuals under eighteen (18) or who do not have the requisite capacity to make decisions or manage their own affairs. Where a minor or incapacitated individual has submitted Personal Information, and you would like such information to be removed or deleted, please follow the “Contact Us” section of this Policy set out below.

Information you provide to us

We require that you provide us with your name and email address when you use the “Contact Us” tab on our website to contact us directly. We may also acquire similar information from you when you contact us via email, including any details contained in your email signature, or when using the messenger features on social media platforms which may provide us with access to your profile.

Automatic collection of your information

While you use and navigate our website and social media platforms, automated data collection technologies may collect information on your device, internet connection and browsing history, including preferences or patterns in your behaviour on the website.

• Through your browser

Your web browser is the application software you use to access the internet, for example, Safari or Google Chrome. Most browsers collect information such as your Media Access Control (MAC) address, Internet Protocol (IP) address, computer type, screen resolution, browser speed, operating system name and version and internet browser type and version. We may collect similar information, such as your device type and identifier, if you access our website through a mobile device. We use this information to ensure that our website functions efficiently. Your browser also collects more personalised information on you, for example, your browsing history, which you can delete.

• Using cookies

The Group uses “cookie” technology on its website to improve your browser experience. The website uses essential cookies for the operation of the Group’s website that are, by default, set to indicate consent by the user, which permission can be denied by the user by selecting the relevant disable/enable tabs in the “Cookie Table” displayed to them. The website deletes information gathered by the essential cookies immediately at the end of the browser session.

The Group’s website requests users to grant, by affirmative action, specific, informed, and unambiguous consent before using cookies on the user’s device or collecting and storing information about the user and is transparent about the types of cookies stored and the periods that the data is stored.

First-party cookies are those sent to your browser by the website server you visit. They allow website owners to collect analytics data such as the number of visitors per month, the average visit duration, and popular pages. This information is used to review and improve our website performance. The browser is also able to remember language preferences, usernames, and passwords.

Third-party cookies are those sent to your browser by servers other than the website you are visiting and are used for cross-site tracking, retargeting, and online advertising purposes. Cookies of this type are the sharing buttons across the site, which allow visitors to share content on social networks. Facebook, Instagram and LinkedIn currently set cookies. You should be aware that these sites will likely be collecting information about what you are doing around the internet, including our website.

• Cookies (or browser cookies): a cookie is a small file placed on your computer’s hard drive. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting, you may be unable to access certain parts of our website. Unless you have adjusted your browser settings to refuse cookies. Our system will issue cookies when you direct your browser to our website. View our Cookie Policy

• Web Beacons: Pages of the website may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Group to, for example, count users who have visited those pages, record the popularity of certain website content, or verify system and server integrity. The collection of this information is anonymous.

• Anonymous Data

The Group’s website monitors user experience while using the website and collects anonymous connection statistics. This information will be used solely to improve the Group’s website service and add value to users when they visit the site. The Group may automatically collect and store certain information, which includes but is not limited to the following:

• Technical information, including a user’s IP address, which is used to connect to their computer, internet operating system, browser type and platform for the system’s administration; and

• Information about a user’s use of our website which includes details of their visits such as pages viewed and the resources they accessed. Such information includes traffic data, location data, and other communication data.

Contact us

If you have any queries, or you would like to comment on the online or other services of the Group, you may complete the contact form on our website, where you will need to input your name and email address, enter your message and send by clicking on the submit tab, an email will be sent directly to us. We shall endeavour to respond to you as soon as possible, but no later than forty- eight (48) hours after the successful transmission of your message if no communication regarding a delay has been received by you. You may be required to provide us with additional information when you request our services. We strive to collect only the required information for the intended purpose of collection. We will use your information to fulfil your inquiry, provide services and information to you as we deem appropriate, and for any other purposes set out in this Policy.

Links to other websites

The Group’s website will contain links to or from other websites, for example, links to our suppliers’ websites, The user must read and familiarise themselves with these websites’ privacy and security policies as the Group is not responsible for the privacy and security thereof. The inclusion of links will be for convenience or information purposes only and does not mean that the Group endorses those websites and their content.

Social Media Platforms

The Group uses various social media platforms to promote its business and connect with its customers, including Facebook, Instagram, and LinkedIn. Users who engage on these platforms acknowledge that they are public platforms where they may be identifiable from profile images or by name. Individuals are encouraged by the Group to put in place restrictive privacy settings on their personal profiles to prevent unsolicited activity and communications on their profiles. The Group does not endorse the posting of prejudicial or abusive content, which shall not be construed as forming the views of the Group and/or its directors and associates, and such content will be immediately removed once it has come to the Group’s attention.

SPECIAL PERSONAL INFORMATION

Existing laws afford certain information special protection, namely information regarding religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasions, health or sex life, biometric data, and criminal behaviour (“Special Personal Information”). The Group does not typically request or require this information from users of its online platforms. You are requested not to volunteer this information unless specifically and directly requested by trusted personnel of the Group.

Individuals are encouraged to enquire about the trustworthiness of a particular requester or collector and/or the purpose for collection before providing this information to the Group. Special Personal Information will never be requested from you through any of our online platforms.

Other sensitive information which the Group may require through our online services may include contact and location information which will require consent and/or include an opt-out function for the provision of marketing and promotional materials.

4. PURPOSE SPECIFICATION

Other than consent, the additional legal bases for the justifiable use of your Personal Information provided under existing laws include:

The conclusion or performance of a contract with you; compliance with a legal obligation; the protection of your legitimate interest; or for our legitimate business purposes or that of the third-party with whom your information is shared.

The Group may use information about you that we collect or that you provide to us for many reasons, including but not limited to the following:

• for audit and record-keeping purposes to ensure that the Group is at all times compliant with legal, regulatory and/or contractual requirements;
• to enable the Group to fulfil general compliance functions, which require a high level of recording to demonstrate that business has been done lawfully, in a transparent manner, and with the health and safety of patients as a top priority;
• to keep records of all statutory/regulatory information which the Group is expected to report on/act upon;
• to carry out or fulfil contractual and legal obligations;
• to provide functional, customer-related service;
• to respond to customer inquiries, requests, and complaints;
• to send you important information regarding our relationship with you, changes to the business or its policies, terms and conditions, or products and services;
• to enhance, improve and modify our online services, in particular, our website;
• to identify market and usage trends;
• to better understand your preferences, needs and interests to deliver better products, online content, marketing campaigns and promotional materials;
• to personalise our interactions with you;
• to conduct market or customer satisfaction research;
• to determine the effectiveness of marketing campaigns so they may be adapted and improved;
• for the purposes of and in connection with legal proceedings;
• to allow for authorised and permissible client/supplier/vendor/ communications;
• to facilitate authorised and permissible day-to-day email and other electronic communications;

Where information is not collected directly from you, it may be collected indirectly from other sources in the following circumstances where:

• the information is a matter of public record or has been made public by you;
• you or a competent person have consented;
• collection from such source does not prejudice your legitimate interests;
• it is necessary for law enforcement or national security, for the collection of revenue, for the conduct of legal proceedings, to maintain the legitimate interests of the Group or a third party, for example, to fulfil the Group’s legislative mandate and/or sector-specific obligations; or
• compliance would prejudice lawful collection or is not reasonably practicable in particular circumstances.

5. FAILURE TO PROVIDE INFORMATION

While the provision of your information is voluntary, it may also be necessary to provide you with full use of and access to the website and its content, to have a complaint or request addressed, or to be kept abreast of communications or updates from the Group.

Should you refuse to accept certain cookies or disable any device or browser settings, you may be prevented from fully accessing our website and/or from making fully using all its functionalities. Additionally, you may be prevented from accessing and sharing certain content that has been published.

For you to have a complaint or request adequately addressed, we will need sufficient Personal Information to enable us to engage with you. Depending on the nature or your request or complaint, we may require further information from you, including the completion of formal request or complaint forms.  

POPIA Complaint Form.pdf

Should you be subscribed to receive regular communications from the Group, including marketing material, industry-related information, or updates on the Group or its business, then you will then at all times be able to unsubscribe from receiving such information by following the link provided in the communication channel. 

6. YOUR RIGHTS

When it comes to the processing of your Personal Information, you have the following rights:

The right to:

• be informed at the time of collection of your Personal Information of certain material information including what information should be provided, why this information should be provided and how your data will be processed.

In addition, you also have the right to:

• request access to your Personal Information;
• request that we update or correct your Personal Information;
• request the deletion of your Personal Information if it is inaccurate, irrelevant, excessive, outdated, incomplete, misleading, has been unlawfully obtained, or where we are no longer authorised to keep it;
• object to the processing of your Personal Information on reasonable grounds;
• withdraw any consent to the processing of your Personal Information which you have provided;
• object to the processing of your Personal Information for purposes of direct marketing other than by means of unsolicited electronic communications (automatic calling machines, fax machines, mobile communications and email), which is not allowed without your consent);
• restrict the processing of your Personal Information by us in certain limited instances;
• request that your Personal Information be provided to you in a structured and machine-readable format, or transferred to a third party in certain limited circumstances;
• object to the processing or further processing of your Personal Information where processing is based on the legitimate interest justification and the weighing up of respective interests is being determined;
• lodge a formal complaint with the Information Regulator if you are not satisfied with the handling of a complaint you have made to us, the details of whom must be provided; and
• query a decision that the Group has made about you solely by automated means and which decision affects you.

These rights are not absolute and must be balanced against other competing rights. These rights may be limited owing to the nature of any legislative or public interest mandate, or they may be subject to an exception that may impact these rights. Where a further interest which the Group is mandated to protect, substantially outweighs to a substantial degree, the interference with your rights, the Group will as far as possible, explain the limitation or exception being relied upon and its impact on your rights.

7. SAFEGUARDING YOUR PERSONAL INFORMATION

Maintaining the security and integrity of your personal data is a high priority of the Group.

We endeavour to maintain appropriate technical and organisational measures, using accepted technological standards to prevent: (a) loss of, damage to, or the unauthorised destruction of Personal Information; and (b) unlawful access to or processing of Personal Information. The Group’s security systems, processes, procedures and controls are designed to maintain confidentiality, prevent loss of unauthorised access to and/or damage to Personal Information by unauthorised parties. In addition, we will conduct regular and continuous vulnerability and risk assessments and review our security controls and processes to improve our security posture and provide assurance to all stakeholders.

Measures employed by the Group to protect Personal Information includes, but is not limited to, robust IT security, regular IT security checks and back-ups, ongoing vulnerability and risk assessments, restricted access by authorised personnel only, password controls, locked filing cabinets with the key held by senior management, electronic alarm systems on each wing of the building, manned access into the office park, and security guard patrols.

The transmission of information via the internet is never completely secure. Although we have implemented security measures to protect your Personal Information, we cannot guarantee the security of your Personal Information when it is being transmitted to our website. Therefore, any transmission of Personal Information is at your own risk.

8. DISCLOSURE TO THIRD PARTIES

The Group may, from time to time, share or disclose Personal Information with third parties, but only if:

• you have consented;
• an agreement is in place with the Group and the third party;
• it is necessary to fulfil the Groups’ legislative mandate;
• it is required by law (including laws outside of your country of residence);
• the Group has a public duty to disclose it;
• your legitimate interests require disclosure; and/or
• it is required for legitimate business purposes.

Third parties may include, but are not limited to:

• information regulators, including foreign information regulators;
• other regulators, including foreign regulators;
• registered auditors, including foreign auditors;
• law enforcement agencies, including foreign law enforcement agencies; and
• verification agents.

In addition to the above and for legitimate business purposes, the Group may be required to share your Personal Information with certain third-party service providers, which may include those who provide services such as website hosting and moderating, mobile application hosting, payment processing, order processing and fulfilment, IT services, legal and auditing services, e-mail and direct mail delivery services, storage services, customer service, data analysis, infrastructure provision and any other reasonable services which the Group relies on to conduct its business.

The Group will, as far as possible, take adequate measures to ensure that third parties with whom Personal Information is disclosed comply with existing laws and that they will protect the information disclosed. We will conduct internal due diligence and, where applicable, place appropriate contractual arrangements for this purpose.

9. TRANSBORDER DISCLOSURES

Generally, the Group will not be transferring your information acquired through your use of any of our online platforms across borders. However, instances where, this may become necessary and appropriate would include, but not limited to, disclosures to:

• other regulators outside of South Africa to fulfil a legislative mandate; or
• law enforcement agencies for investigation purposes.

The Group acknowledges that other countries may not have the same level of protection as that which is afforded by the existing laws, however, we will put in place appropriate contractual arrangements and, as far as possible, conduct its own internal due diligence measures to protect your information. We will do our best to ensure that any third parties will treat your information at least with the same level of privacy and protection as that which is provided by us.

10. RETENTION OF PERSONAL INFORMATION

Once the purpose for which we require your Personal Information has been fulfilled, we will no longer be permitted to process it unless another legal justification for exists. Personal Information will be retained and destroyed by us as required or authorised by law, a contract or for the operational and business requirements of the Group. The existence of any ongoing or anticipated legal proceedings or a regulatory audit or investigation will also result in records being retained for an extended period.

Personal Information linked to clinical trials or foreign entities is generally kept indefinitely but within reason, meaning the records would be destroyed if an entity were to cease existing, or where so much time has passed that the information linked to a clinical trial would no longer be relevant.

The Group will only keep Personal Information for as long as is necessary to achieve the purpose for which it was collected, in accordance with one of the justifications outlined above and no longer than the period for the expiry of claims or as required by law. We will maintain policies and procedures to ensure that any Personal Information which is no longer required is deleted or destroyed.

11. INFORMATION OFFICERS (‘IOs’) AND DEPUTY INFORMATION OFFICERS (‘DIOs’)

As required by POPIA and PAIA, each entity within the Group will have a formally appointed IO who may then delegate some or all their responsibilities to any other duly authorised DIO/DIOs.

The IO/DIO is responsible, inter alia, for:

• encouraging and ensuring compliance with POPIA;
• working with regulators in the event of any investigations;
• conducting a preliminary Personal Information impact assessment;
• developing, implementing, monitoring and maintaining this policy and compliance framework;
• ensuring that this policy and compliance framework is supported by appropriate documentation, which must be relevant and kept up to date;
• ensuring the communication of the policy and compliance framework and any subsequent updates throughout the organisation;
• developing, implementing and maintaining a PAIA Manual and making it available;
• dealing with requests for access to information;
• developing internal measures together with adequate systems to effectively process requests for access to information; and
• conducting internal awareness sessions on POPIA, any POPIA regulations, applicable codes of conduct, or other information obtained from the Regulator.

APPOINTED IOS AND DIOS

The following persons are appointed as IOs and DIOs for the purposes of PAIA and POPIA and are contactable through any of the channels provided below: