POPIA Compliance

1. Our Commitment

My Vitals, operated by Eclipse Softworks, is committed to full compliance with the Protection of Personal Information Act 4 of 2013 ("POPIA"). POPIA regulates how we collect, process, store, and share your personal information. Your privacy is a fundamental right and we treat it accordingly.

2. Who Is the Responsible Party?

Eclipse Softworks is the Responsible Party as defined under POPIA. We determine the purpose and means of processing your personal information. Our Information Officer can be contacted at privacy@eclipse-softworks.com.

3. What Personal Information We Collect

In accordance with POPIA, we only collect personal information that is necessary for the specific purpose for which it is collected. This includes:

• Identifying information: Full name, date of birth, gender, South African ID number or passport number.
• Contact details: Email address, phone number, and physical address.
• Health information: Medical history, allergies, current medications, insurance details — classified as Special Personal Information under POPIA.
• Appointment data: Booking history, attending physician, and clinical notes.

4. Lawful Basis for Processing

We process your personal information on the following lawful grounds under POPIA:

• Consent: You provide explicit consent during registration for the processing of your personal and health information.
• Contractual necessity: Processing is necessary to provide the appointment booking and healthcare facilitation services you request.
• Legal obligation: We may process information where required by South African law or a court order.
• Legitimate interest: To improve platform security and prevent fraud.

5. Special Personal Information

Health and medical information constitutes Special Personal Information under POPIA Section 26 and is afforded additional protection. We process this information only with your explicit consent and solely for the purpose of facilitating your healthcare appointments and treatment. We do not process health information for marketing, profiling, or any purpose beyond direct healthcare delivery.

6. Your Rights Under POPIA

As a data subject under POPIA, you have the following rights:

• Right of access: Request a copy of the personal information we hold about you.
• Right to correction: Request correction of inaccurate, incomplete, or outdated information.
• Right to deletion: Request deletion of your personal information, subject to our legal retention obligations.
• Right to object: Object to the processing of your personal information on reasonable grounds.
• Right to withdraw consent: Withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.
• Right to lodge a complaint: Lodge a complaint with the Information Regulator of South Africa.

7. Information Security

We take reasonable technical and organisational measures to protect your personal information from unauthorised access, loss, destruction, or disclosure. These measures include encrypted data storage, restricted access controls, and regular security assessments.

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the Information Regulator as required by POPIA Section 22.

8. Retention of Information

We retain personal information only for as long as necessary to fulfil the purpose for which it was collected, or as required by applicable law. Medical records are retained in line with the National Health Act 61 of 2003 and applicable South African healthcare regulations. Thereafter, information is securely deleted or anonymised.

9. Third-Party Operators

We use third-party service providers ("Operators" under POPIA) who process personal information on our behalf. These include:

• Appwrite — secure cloud data storage and authentication.
• Paystack — payment processing (subject to Paystack's own POPIA compliance obligations).
• Resend — transactional email delivery.

All Operators are contractually bound to process personal information only on our instructions and in accordance with POPIA.

10. Information Regulator

If you believe your rights under POPIA have been violated, you have the right to lodge a complaint with the Information Regulator of South Africa:

• Website: www.inforegulator.org.za
• Email: inforeg@justice.gov.za
• Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

11. Contact Our Information Officer

To exercise any of your rights under POPIA or for queries about how we handle your personal information, please contact our Information Officer at privacy@eclipse-softworks.com. We will respond within the timeframes prescribed by POPIA.