Shout Privacy Policy

1. Purpose

The Purpose of this policy is:

  • to set out Shout-It-Now’s (Shout’s) commitment to protecting and respecting our clients’, employees’ and partners’ Personal Information;

  • to detail how Personal Information is collected, received, used, stored, transferred, disclosed, secured and processed;

  • to detail our practices with regards to our clients’, employees’ and partners’ Personal Information and how we handle it; and

  • to document how Shout, as an organisation is complying with the Protection of Personal Information Act, 4 of 2013.

The following principles apply to this policy:

  • Shout is committed to ensuring that there is adequate protection of Data Subjects’ Personal Information in place;

  • Shout is committed to the prevention of unauthorized access or use of stored Personal Information of Data Subjects;

  • Personal Information of Data Subjects are stored until no longer needed for review, at which point it is deleted from all storage locations;

  • Data files are transported in an encrypted format whenever they are transferred outside of the organisation. Encryption keys or passwords are transmitted to the recipient on a channel other than that of the file itself;

  • Shout may disclose a Client’s Personal Information to any department, subsidiary, joint venture company and / or third-party service provider, whose services or products clients elect to use; and

  • Shout can only share Client’s Personal Information with third parties when it has a duty or a right to disclose such in terms of applicable legislation, or where it may be deemed necessary in order to protect the organisation’s right.

2. Audience

The audience of this policy document includes clients, employees, partners and service providers of Shout.

3. Scope

The Privacy Policy document details how Personal Information is collected, received, used, stored, transferred, shared, secured, and processed; and details our practices with regards to our clients’, employees’, partners’ and service providers’ Personal Information and how we handle it.

4. Definitions

  • Child means a natural person under the age of 18 years who is not legally competent, without the assistance of a competent person, to take any action or decision in respect of any matter concerning him- or herself;

  • Client means those persons to or in respect of whom Shout provides services, being those persons to whom the Personal Information relates and who have a contractual relationship with Shout, it’s employees and partners’ who are Operators of Shout for the provision of services or goods;

  • Competent Person means any person who is legally competent to consent to any action or decision being taken in respect of any matter concerning a child;

  • Consent means any voluntary, specific and informed expression of will in terms of which permission is given for the processing of personal information;

  • Data Subject means the person to whom personal information relates;

  • Employee means any employee, independent contractor, agent, consultant, sub contractor or other representative of either Party or their affiliates;

  • Operator means a person who processes personal information for a responsible party in terms of a contract or mandate, without coming under the direct authority of that party;

  • Partner means an organization who has a contractual relationship with Shout to administer authorised services in terms of the contract.

  • Personal Information means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to-

    1. information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;

    2. information relating to the education or the medical, financial, criminal or employment history of the person;

    3. any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;

    4. the biometric information of the person;

    5. the personal opinions, views or preferences of the person;

    6. correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;

    7. the views or opinions of another individual about the person; and

    8. the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person;

  • POPIA means the Protection of Personal Information Act, 4 of 2013 and includes any regulations to or rules in terms of the Protection of Personal Information Act, 4 of 2013 and any subsequent amendments to it;

  • Processing means any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including-

    1. the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;

    2. dissemination by means of transmission, distribution or making available in any other form; or

    3. merging, linking, as well as restriction, degradation, erasure or destruction of information;

  • Responsible Party means a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing personal information;

  • Special Personal Information means Personal Information as referred to in section 26 of POPIA;

  • Service Provider means an individual or entity that provides services to Shout. The provision of services between the service provider and Shout is governed by a service agreement/ contract;

5. Collection of Personal Information

This section details the types of Personal Information collected by Shout, the various forms Shout collects Personal Information and from whom.

5.1. Types of Personal Information Collected

Shout collects different types of Personal Information and in various forms. The type of Personal Information collect may include, but is not limited to:

  • First name and last name

  • Identity number

  • Email address

  • Province of birth

  • Details of sex life

  • Fingerprint scan

5.2. Methods of Collecting Personal Information

Personal Information may be collected from different parties for specific reasons. These parties and the methods of collection are detailed below.

We may collect Personal Information from you when you:

5.2.1. Clients

  • come onto one of our vehicles for health care services, we provide such as HIV testing,

  • are referred by one of our partner organisations for health care services we provide,

  • after visiting one of our vehicles, request to be contacted regarding additional service offerings, such as a gender-based violence consult,

  • visit our website or social media accounts,

  • enquire about any of our services,

  • fill in a form or survey for us,

  • participate in a competition or promotion or marketing activity,

  • contact us, for example, by email, telephone or social media,

5.2.2. Employees and prospective employees

  • apply for job with us as part of our recruitment process,

  • apply for a promotion with us as part of our recruitment process, and

5.2.3. Service providers

  • enter into an agreement with us to provide services to us.

6. Use of Personal Information

Shout may use your Personal Information for the following purposes (please note this list is not exhaustive):

  • To contact you for follow up visits, medication and referral services requested by you,

  • To administer health services including HIV tests to you,

  • To give you your results,

  • For our internal data and statistical analysis,

  • To attend to and manage requests from you,

  • To evaluate and improve our services offered,

  • For awareness and marketing campaigns,

  • For reference checks as part of our recruitment process for prospective employees,

  • For record keeping purposes as such as employee records/ files,

  • For the performance of a contract, and

  • To verify a company’s registration for a service provider.

7. Retention of Personal Information

The POPIA states that an organisation may not retain data any longer than is necessary for achieving the purpose for which the information was collected or subsequently processed unless retention of the record is required by or authorised by law. The data may be retained for periods in excess of the period stated in the POPIA, provided that it is retained for the various reasons set out in the POPIA, such as for historical, statistical or research purposes.

Shout will retain your Personal Information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Information to the extent necessary to achieve the purpose for which the Personal Information was collected, for what is required for subsequent processing, in order to comply with our legal obligations (for example, if we are required to retain your Personal Information to comply with applicable laws), in order to resolve disputes and to enforce our legal agreements and policies.

8. Sharing of Personal Information

Shout commits to only share your Personal Information under the conditions consented to by you. Shout undertakes to share only those aspects of your Personal Information which is necessary, or which is necessary to comply with any applicable laws, while preserving the confidentiality, privacy and security of that information as far as possible.

Where Shout is required to share your Personal Information or Special Personal Information with third parties, we will ensure that they operate under contractual restrictions with regard to confidentiality and security, in addition to their obligations under POPIA.

Shout will apply the utmost confidentiality to your Personal Information in accordance with POPIA.

Shout may share your Personal Information for the following purposes, but not limited to:

  • to enable the employees of Shout to perform their duties,

  • to facilitate the due and proper administration of the operations of Shout,

  • to provide statistical information and results of our performance to the government, our funders and partners (some of which may be in the United States of America),

  • to our service providers to monitor and enhance the services offered,

  • to enable our partners to contact you for the referral services requested by you (our clients),

  • as part of a business merger, sale of company assets, financing, change in ownership of our company or acquisition of all or a portion of our business by another company,

  • with third party clinical equipment suppliers and maintenance technicians to the extent that your Personal Information is stored or recorded on any of the clinical equipment used for the purposes of providing you with healthcare services we provide,

  • with attorneys and other professionals acting on your behalf who may, on your instruction or with your knowledge and authorisation, seek access to your Personal Information, which may include your health information, for your benefit either for litigious or non-litigious reasons, to share your information with our own attorneys and/ or other professionals for instituting or defending any potential legal and/or medico-legal claims and/ or evaluating any of the healthcare services we provide,

  • with our relevant team, who performs internal investigations, if an incident related to healthcare services provided to you occurs, as part of Shout’s quality improvement and incident investigation processes,

  • with third party service providers for the purposes of conducting our post-services survey to ensure the ongoing quality of our services provided,

  • with organisations providing IT systems support and software development and for hosting in relation to the IT systems on which your information is stored,

  • with third party service providers for the purposes of storage of information and confidential destruction, or

  • Shout may be required to share Personal Information and Special Personal Information about you and your care with regulators such as the Department of Health, the Health Professions Council or the National Institute for Communicable Diseases. Shout will ensure that we do so within the parameters of the law and with due consideration to your privacy.

9. Security of Personal Information

Your Personal Information will be kept confidential and secure and will, unless you agree otherwise, only be used for the purpose(s) for which it was collected and in accordance with this our applicable Privacy Policy, POPIA and national health laws.

We are legally obliged to take reasonable steps to provide adequate protection for the personal information we hold and to prevent unauthorized access and use of Personal Information. All reasonable measures will be taken to secure the integrity and confidentiality of Personal Information. We will on an ongoing basis, review our security controls and related processes to ensure that your Personal Information remains secure, and we will take the necessary steps to inform you of any breaches in accordance with the Act.

9.1. Organisational Security Measures

All reasonable measures will be taken to secure the integrity and confidentiality of Personal Information and to:

  1. Prevent loss of damage to or unauthorised destruction of Personal Information;

  2. Ensure no unlawful access to or processing of Personal Information;

  3. Identify all reasonably foreseeable internal and external risks to Personal Information in its possession or under its control;

  4. Establish and maintain appropriate safeguards against the risks identified;

  5. Regularly verify that the safeguards are effectively implemented; and

  6. Ensure that the safeguards are continually updated in response to new risks or deficiencies in previously implemented safeguards.