Privacy Policy

1. Introduction

HashData (Pty) Ltd, trading as DocNearby ("DocNearby," "we," "us," or "our"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, mobile application, or use our services.

Company Information:
HashData (Pty) Ltd (t/a DocNearby)
E001 — Fairway Square, 23 Fairway Close
Parow Golf Course, Parow
Cape Town, 7500, South Africa
Email: support@docnearby.io

2. Information We Collect

2.1 Personal Information

We collect personal information you provide directly to us, including:

• Account Information: Name, email address, password, phone number
• Profile Information: Professional credentials (for practitioners), specialties, languages spoken
• Health Information: Medical history, symptoms, consultation notes (stored securely and encrypted)
• Payment Information: Billing address (payment details are processed by our payment provider and not stored on our servers)
• Communication Data: Messages between patients and practitioners

2.2 Automatically Collected Information

• Usage Data: Pages visited, time spent on pages, click-through rates
• Device Information: IP address, browser type, operating system, device identifiers
• Location Data: Approximate location based on IP address (with consent for precise location)
• Cookies and Tracking Technologies: Session cookies, analytics cookies

3. How We Use Your Information

We use your information to:

• Provide, maintain, and improve our services
• Process appointments and payments
• Facilitate communication between patients and practitioners
• Verify practitioner credentials and licenses
• Send important updates and notifications
• Provide customer support
• Comply with legal obligations
• Prevent fraud and ensure platform security
• Conduct research and analytics to improve our services

4. Legal Bases for Processing (POPIA)

In accordance with the Protection of Personal Information Act (POPIA), we process personal data based on:

• Contract: Processing necessary for service delivery
• Consent: Where you have given specific consent
• Legitimate Interest: For service improvement and security
• Legal Obligation: To comply with applicable laws
• Vital Interest: To protect health and safety

5. Information Sharing and Disclosure

5.1 Service Providers

We share information with trusted third parties who assist us in operating our platform:

• Payment Provider: Payment processing (subject to the provider's privacy policy)
• Cloud Hosting: Secure data storage and platform hosting
• Analytics: Service usage analytics (anonymized data)
• Communication: Email and SMS services for notifications

5.2 Healthcare Practitioners

Patient information is shared with chosen practitioners for appointment purposes only.

5.3 Legal Requirements

We may disclose information when required by law or to:

• Comply with legal processes
• Protect our rights and property
• Ensure user safety
• Investigate potential violations

6. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: All sensitive data is encrypted in transit and at rest
• Access Controls: Strict access controls and authentication requirements
• Regular Audits: Security assessments and vulnerability testing
• Staff Training: Regular privacy and security training for all employees
• Secure Infrastructure: Industry-leading cloud security practices

7. Data Retention

We retain your information for as long as necessary to:

• Provide our services to you
• Comply with legal obligations
• Resolve disputes
• Enforce our agreements

Medical records and consultation data are retained for 7 years after the last interaction, or as required by applicable healthcare regulations.

8. Your Rights and Choices

8.1 General Rights

• Access: Request access to your personal data
• Correction: Update or correct your information
• Deletion: Request deletion of your account and data
• Portability: Request a copy of your data in a portable format
• Objection: Object to certain processing activities

8.2 POPIA Rights

Under the Protection of Personal Information Act (POPIA), you have the right to:

• Access personal information we hold about you
• Correct or delete personal information
• Object to the processing of personal information
• Lodge complaints with the Information Regulator of South Africa
• Withdraw consent where processing is based on consent

9. Where Your Data Is Stored

DocNearby is hosted in South Africa and your personal information is stored on servers located in South Africa. We apply appropriate technical and organisational safeguards to protect your information in line with POPIA.

10. Cookies and Tracking

We use cookies and similar technologies to:

• Remember your preferences
• Maintain your session
• Analyze platform usage
• Improve user experience

You can control cookies through your browser settings. Note that disabling cookies may affect platform functionality.

11. Children's Privacy

Our services are not intended for children under 16. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us immediately.

12. Third-Party Links

Our platform may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to read their privacy policies.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of material changes via:

• Email notification
• Platform notification
• Website posting

Continued use after changes indicates acceptance of the updated policy.

14. Contact Us

For privacy-related questions, concerns, or to exercise your rights, contact us:

15. Information Regulator

If you have concerns about our processing of your personal information that we have not resolved, you may lodge a complaint with the Information Regulator (South Africa):

Email: POPIAComplaints@inforegulator.org.za
Website: https://inforegulator.org.za