Privacy Policy

Introduction and scope

AvN Wellness Clinic respects your privacy and is committed to protecting the personal information we hold. This policy explains what personal information we collect from patients and website visitors, why we collect it, how we use and store it, who we may share it with, and the rights you have under South African law, including the Protection of Personal Information Act (POPIA).

Information we collect and how we collect it

What we collect

• Identity and contact details: name, date of birth, address, phone number, email, and ID or passport number when required.
• Clinical and health information: medical history, medications, allergies, clinical notes, treatment records, vaccination records and wound photographs where relevant.
• Payment and billing information: payment method, receipts and medical aid details when provided.
• Website and technical data: IP address, device and browser information, cookies and analytics data when you use our website.

How we collect information

We collect information directly from you when you book or attend an appointment, complete registration or consent forms, upload documents via the Contact page, call or email us, or use the website. With your consent we may also receive limited information from referring clinicians or other healthcare professionals. We do not collect more information than is necessary for the purpose for which it is collected.

How we use your information and lawful grounds for processing

Primary uses

• To provide clinical care, treatment and to manage appointments.
• To prepare and maintain clinical records, invoices and vaccine or treatment documentation.
• To communicate appointment reminders, test results and follow-up care.
• To process payments and, where requested, to assist with medical aid claims.
• To meet legal, regulatory and professional obligations.

Lawful grounds

We process personal information where it is necessary to provide healthcare services, where you have given consent, and where processing is required to meet legal or regulatory obligations. Clinical and health information is treated as special personal information and is processed only where lawful and necessary for healthcare delivery.

Sharing information, third parties, security and retention

When we may share your information

• With medical aid schemes or administrators when you request a claim and provide consent.
• With other healthcare professionals for continuity of care, with your consent.
• With trusted service providers who support our operations (for example, booking platforms, IT hosting and payment processors). These providers are contractually required to keep your information secure and to use it only for the services they provide to us.
• When required by law, court order or regulatory authority.

We do not sell personal information to third parties. When we share data we take steps to ensure appropriate safeguards are in place, including data processing agreements and access controls.

Security

We use administrative, technical and physical safeguards to protect personal information from unauthorised access, loss or damage. Measures include role-based access controls, staff training, encrypted backups, secure hosting and secure disposal of records when retention periods end. While we take reasonable steps to protect data, no system is completely secure. If a data breach occurs we will follow legal reporting obligations and notify affected individuals where required.

Retention

We retain personal and clinical records for the periods required by professional guidelines and law. When records are no longer required we will securely delete or destroy them. If you need the specific retention period for your records, contact us via the Contact page and we will provide the applicable retention schedule.

Your rights and how to exercise them

You have the right to:

• Request access to the personal information we hold about you.
• Request correction of inaccurate or incomplete information.
• Request deletion of information where lawful and appropriate.
• Object to or restrict certain processing activities where applicable.
• Withdraw consent where processing is based on consent.

To exercise any of these rights, submit a request via the site Contact page. We will verify your identity before responding and will respond within the timeframes required by law. We may ask for additional information to locate records or to confirm your identity. If you are not satisfied with our response you may lodge a complaint with the Information Regulator of South Africa.

Cookies, website analytics and marketing

Cookies and analytics

Our website uses cookies and analytics to improve functionality and understand how visitors use the site. Cookies do not identify you personally but may store preferences or session information. You can manage cookie settings through your browser; disabling some cookies may affect site functionality.

Marketing

We will only send marketing communications where you have given consent. You can opt out of marketing messages at any time by following the unsubscribe link in the message or by contacting us via the Contact page.

Cross-border transfers

Some of our service providers may process or store information outside South Africa. Where personal information is transferred across borders we will ensure appropriate safeguards are in place, such as contractual protections and security measures, and we will comply with applicable legal requirements for international transfers.

Children and minors

We do not knowingly collect personal information from children under the age of 18 without appropriate parental or guardian consent. If you believe we have collected information about a child without consent, please contact us via the Contact page so we can take corrective action.

Data breaches and notifications

If we become aware of a security incident that affects personal information we will take immediate steps to contain and investigate the incident, assess the risk to affected individuals and notify those affected and any relevant regulator where required by law.

Changes to this policy

We may update this policy from time to time. The effective date at the top of this page shows when the policy was last revised. Significant changes will be posted on the site. For privacy enquiries, to request access, correction or deletion of your records, or to report a concern, please use the Contact page.

Complaints and regulator

If you are not satisfied with how we handle your personal information you may raise the matter with us via the Contact page. You may also lodge a complaint with the Information Regulator of South Africa if you believe your rights under POPIA have been breached.