UNIFY ANALYTICS (PTY) LTD t/a UNIFY HEALTH, a company incorporated in South Africa under registration number 2018/276531/07 (“UNIFY HEALTH,”, “we” or “us”) is strongly committed to protecting the privacy, security and online safety of its clients, employees, and service providers.
This commitment extends to personal information about you that we might possess or acquire. We strive to protect the personal information under our control and take certain precautions to help maintain the security and accuracy of that data.
This Privacy Policy describes how we collect, use and disclose information from and about you when you visit and use this website, and/or any of our products or services.
By accessing or otherwise using the Website and/or any of our products or services, you agree to the terms and conditions of this Privacy Policy, which is incorporated into the Terms of Use.
We regularly review our compliance with this Privacy Policy. If you have any questions about the use of your information, or the contents of this Privacy Policy, please contact us at info@unifyhealth.ai.
1. Collection of Information
2. Information Automatically Collected
3. Information Collected from Other Sources
4. Failure to Provide Personal Information
5. How We Use Your Information
6. Your Control Over Your Information; Accessing and Managing Your Personal Information
7. How we Disclose Your Information
8. Information Security and Data Retention
9. Complaints Procedure
10. Data Breach Procedure
UNIFY HEALTH, collects information from you when you choose to provide it to us. For example, we collect your information when you submit a webform requesting information about one of our Product offerings or otherwise contact us or provide information to us through the Websiteor over the Phone.
The information we collect may include personal information – such as your name, address, e-mail address, telephone number, identity number, medical information and the content of any communications that we exchange – as well as non-personal information when you:
• sign up for a newsletter (you may unsubscribe from promotional emails by clicking “unsubscribe” on the emails you receive from us);
• attend a webinar;
• participate in our surveys;
• communicate with us, for example by submitting queries regarding the Website or a Product and
• use the Website.
In some cases, we require your personal information to prepare a product quote, manage your product structure or to comply with legal requirements.
When using our website, we may also collect Information about how you use our website using cookies, pixel tags, and other similar technologies (collectively, “Cookies”).
• What is a cookie:
• A cookie is a small file and holds a certain amount of data, which our website can send to your browser. It may then be stored on your computer's hard drive and can be accessed by our web server. This cookie data can then be retrieved and can allow us to customise our web pages and services accordingly. It is important to clarify that cookies do not collect any personal data stored on your hard drive or computer. To find out more about cookies, visit www.allaboutcookies.org.
• Required Cookies
• Required cookies enable your use of the Website, such as allowing you to log in to secure areas of the site. Required cookies are essential to operating the Website and, therefore, cannot be disabled.
• Analytics and Functionality Cookies
• Analytics cookies help us monitor how visitors use our Website so we can, for example, understand which pages individuals visit, how often they visit them, and what improvements we can make to make the Website more useful. Functionality cookies remember information you’ve entered or preferences you’ve chosen. This allows us to optimise the Website for you. In particular, we use Google Analytics to understand usage and improve the functionality of the Website.
• Disabling or Deleting Cookies
• You have the option to disable or delete non-required cookies using cookie control settings within your web browser. Please consult the user guide or other documentation for your web browser to learn how to manage cookies. You may refer to http://www.allaboutcookies.org/manage-cookies/index.html for more information about cookie management on commonly used browsers. To opt-out of Google Analytics tracking, you can visit the following link https://tools.google.com/dlpage/gaoptout. Disabling or deleting cookies may result in changes to the appearance or functionality of the Websites.
UNIFY HEALTH, uses cookies to help it compile aggregate statistics about usage of its websites. This information is used to improve content and personalise your user experience.
However, by modifying your Internet browser preferences, you can accept all cookies, to be notified when a cookie is set or to reject all cookies. Please note that, if you choose to reject all cookies you will be unable to use those services or engage in activities that require the placement of cookies.
In addition to the information you provide, UNIFY HEALTH, collects information from commercially available sources that it deems credible. Such information may include your name, address, email address and demographic data. This information may be stored in internal systems, all of which are protected by encryption and cyber security controls. These systems permit UNIFY HEALTH employees to access and process such data solely for the purposes of customer fulfilment, customer administration, customer reporting, statistical analysis and marketing of UNIFY HEALTH, products and services. Individuals may have certain rights of access to personal information held by UNIFY HEALTH, and to have such data corrected whereincorrect. Please contact our Compliance Department: info@unifyhealth.ai, if you have any questions about this.
Failure to provide certain information may make it difficult or impossible for you to access some services through the Website. You should ensure that personal information submitted to us is accurate and up to date. For example, we need a current email address to communicate with you about a Product in which you choose to get a quote on.
5.1. Purposes for Collecting and Processing Personal Information.
We process personal information for the following purposes:
To fulfil a requirement in the customer onboarding process, including:
• providing our services;
• verifying your identity;
• communicating with you.
5.2. To conduct UNIFY HEALTH’s business and pursue our legitimate interests in marketing our business, ensuring that we conduct our business in line with our objectives, improving and developing our products and services, and keeping our records accurate and up to date. This includes:
• using your information to provide products and services you have requested and responding to any comments or complaints you may send us;
• personalising your experience with the Website and helping us to better respond to your individual needs;
• targeting advertising to individuals with similar interests or characteristics through services offered by third parties;
• developing new products or services or conducting analyses to enhance current products and services;
• reviewing the usage and operations of the Website and analysing and improving the Website (we continually strive to improve the Website based on the information and feedback we receive from you);
• contacting you for legitimate business purposes.
• You may also have the right to object to our use of your personal data based on our legitimate interests as described at the outset of this Privacy Policy.
5.3. Where you give us consent. This includes:
a. where consent is required by applicable law, sending you direct marketing in relation to our relevant products and services, or other products and services provided by UNIFY HEALTH;
b. on other occasions where we ask you for consent, using the data for the purpose which we explain at that time.
5.4. For purposes which are required by law. This includes:
• in response to requests by government or law enforcement authorities conducting an investigation;
• using personal information in connection with legal claims, compliance, regulatory and investigative purposes as necessary, including disclosure of such information in connection with legal process or litigation.
If, at any time, after providing personal Information to UNIFY HEALTH, and, you wish to update, change, or request the deletion of such Information, please contact us at info@unifyhealth.aiwith a detailed request.
If you believe your rights regarding your personal information have been infringed upon, please contact us at info@unifyhealth.ai.
If you want to unsubscribe from communications, please follow the instructions shown in each email communication or contact us at info@unifyhealth.ai.
UNIFY HEALTH shares your information with other entities or individuals in the following limited circumstances:
• Partners/ Service Providers: We receive and/or share your personal information with ourpartners and/or Third Party Service Providers in order to provide you with our products or services. This may include medical and administrative information related to your emergency unit admission. We may utilise Third Party Service Providers to provide business, professional, or technical support functions or in providing the Service. These Service Providers are only given access to your information to the extent necessary to process your information and/or provide services to UNIFY HEALTH and they are prohibited from using or sharing your information for any other purposes.
• Legal Matters; Compliance: We access or share your information to satisfy any applicable law, regulation, legal process, or governmental request; in connection with an investigation on matters related to public safety; as permitted by law; or otherwise as required by law.
• Fraud; Security: We access and disclose your information to detect, prevent, or otherwise address fraud, security, or other technical issues.
• Consent; Other: We share information with third parties when we have your consent or otherwise as described to you at the point of collection.
• International Transfers: We may transfer personal information from your location to other countries, including the European Economic Area, UK, and South Africa, where our employees and/or servers are located. Where your personal information is transferred outside of the country where you are located, such information is adequately protected by an adequacy decision by EU authorities, Standard Contractual Clauses, or a Service Provider’s Binding Corporate Rules.
We are committed to protecting the security of your information. We maintain what we believe to be appropriate physical, electronic, and managerial procedures to safeguard and secure your information and to prevent unauthorised access, maintain accuracy, and ensure appropriate use of your information.
We retain your personal information for as long as legally required. We also may retain your personal information for a longer period which enables us to:
• Maintain business records for analysis and/or audit purposes;
• Comply with record retention requirements under the law;
• Defend or bring any existing or potential legal claims;
• Address any complaints regarding the services;
• Enforce our commercial agreements; and
• Support our legitimate interests, as described in this Privacy Policy.
9. Complaints Procedure
9.1. Complaints Handling
• UNIFY HEALTH is responsible to acknowledge the complaint with the customer as well as provide them with regular feedback. The maximum time for acknowledgement of a complaint is 5 days. Where the complaint is urgent (i.e. the risk of reputational impact is high), this time frame must be shortened even further.
• UNIFY HEALTH deals with complaints as follows (for high-level complaints the period of acknowledgement should be shorter):
o Log the date and contents of the complaint in the Complaints Register.
o Accept all complaints submitted from whatever medium; verbal or written (ask the client to send their complaint in writing if possible). The fact that a complaint is not in writing must not deter the Company in handling the complaint.
o Acknowledge receipt of the complaint in writing within 5 days of receipt, and give the client the name(s) and contact details of the staff responsible for the resolution of the complaint.
o Investigate the complaint to ascertain whether the complaint can be resolved immediately. If resolved immediately the complaint will not be deemed ‘reportable.’
o If the complaint can be resolved immediately, take the necessary action and advise the client accordingly. If resolved within 5 business days the complaint will not be deemed ‘reportable.’
o If the complaint cannot be resolved immediately or within 5 business days, you need to lodge and categorise the complaint on the Reportable Complaints Register and send the client a written summary of the steps to be taken to resolve the matter and the expected date of resolution.
o If unable to resolve the complaint within 3 weeks of logging the complaint with the Complaints Register, notify the client by means of a written acknowledgement. This will outline the status of the complaint and the expected date of final resolution.
o If unable to resolve the complaint within a further 3 weeks of the written acknowledgement (6 weeks since complaint logged), notify the client giving full written reasons as to why the outcome was not favourable, and advise the client of their rights in this case.
o Update the register with all developments/activities.
9.2. Complaints Process Flow
1. If complaint is not in writing, ask for a written complaint.
2. Complaint received, validated and logged as a new complaint on Complaint Register.
3. Acknowledge receipt of complaint in writing within 5 days.
4. Complaint assigned and investigated.
5. Resolve the complaint immediately or take the necessary action and advise the client of steps taken and expected date of resolution.
6. Update the Complaints Register with all developments/activities.
7. Inform client in writing of the resolution of the complaint and the outcome.
8. Notify the client if complaint is not resolved within 3 weeks – advise on status of the complaint.
9. Notify the client of the final outcome. This must be no later than 6 weeks since the complaint was logged.
10. Advise client of other options.
9.3. Partner Complaints Resolution
• The Company’s partner/service provider may in some instances hold the relationship with the customer and therefore all communication may occur directly with the customer. This means that if the customer is dissatisfied and wants to complain, the initial channel of complaint will be directly with the partner/service provider. The partner/service provider will therefore need to ensure in all instances that:
o Complainants are promptly informed of the process that will be followed in handling the complaint (e.g., indicative timelines; availability of escalation or alternative recourse in the event of an outcome not in the complainant’s favour; contact details of the person who will be handling the complaint to follow up on progress.)
o If the partner/service provider is unable to resolve the complaint, there should be clear processes to escalate to a contact person within the UNIFY HEALTH.
o The partner/ service provider must record all complaints received and keep a register of the resolution of the complaints relating to UNIFY HEALTH and its products and services.
o When the partner/service provider makes a final decision on a complaint and is informed by the customer that they are unhappy with the outcome of their complaint, the partner/service provider must escalate the complaint to UNIFY HEALTH. The partner must exhaust their internal complaints process first before advising the customer of the escalation procedures.
10. Data Breach Procedure
10.1. Introduction
At UNIFY HEALTH, we prioritize the security and privacy of our customers’ data. This Data Breach Procedure Policy outlines the steps our employees must follow in the event of a data breach to ensure prompt identification, assessment, containment, and mitigation of risks, as well as communication to stakeholders and compliance with relevant laws and regulations.
10.2. Scope
This policy applies to all employees, contractors, and third parties who have access to the company's data or systems. It encompasses all types of data breaches, including but not limited to unauthorized access, data corruption, loss, or theft.
10.3. Definitions
• Data Breach: Unauthorized access or exposure of sensitive, protected, or confidential data.
• PII (Personally Identifiable Information): Information that can be used to identify an individual, such as names, addresses, social security numbers, and financial information.
• Incident Response Team (IRT): A team responsible for managing and addressing data breaches.
10.4. Roles and Responsibilities
• The Company shall appoint an Incident Response Team (IRT) to manage the handling of security incidents and data breaches.
• Employees must report potential data breaches immediately and cooperate with the IRT during investigations.
10.5. Breach Identification
10.5.1 Reporting a Suspected Breach
• Employees must report any suspected data breach to the IRT immediately, using the designated internal communication channels.
• Employees must provide specific information, including type of breach, affected systems, and timeframe.
10.5.2 Detection and Monitoring
• The Company shall use automated tools and systems to detect potential breaches.
• The Company shall regularly review system logs, access controls, and security alerts.
10.6. Assessment and Containment
10.6.1 Initial Assessment
• The IRT shall conduct an initial assessment to understand the scope and nature of the breach.
• The IRT shall determine the type of information affected, the extent of exposure, and potential impact.
10.6.2 Containment Measures
The Company shall:
• Isolate affected systems to prevent further unauthorized access.
• Implement immediate security measures such as changing passwords and revoking access where necessary.
• Preserve evidence for further investigation.
10.7. Notification and Communication
The Company shall:
• Inform all relevant internal stakeholders, including the executive team, affected departments, and IT staff.
• Notify affected customers and individuals in accordance with legal requirements.
• Communicate with regulators, industry bodies, and law enforcement as required.
• Issue a public statement if necessary, ensuring transparency and maintaining trust.
10.8. Investigation and Documentation
The Company shall:
• Conduct a thorough investigation to identify the root cause of the breach.
• Document findings, including how the breach occurred, data compromised, and affected individuals or systems.
• Maintain detailed records of the incident, response actions, and outcomes.
• Ensure documentation is securely stored and accessible for future reference and compliance purposes.
10.9. Mitigation and Prevention
10.9.1 Corrective Actions
The Company shall:
• Implement corrective measures to prevent recurrence of similar breaches.
• Update security policies, procedures, and technologies as needed.
10.9.2 Training and Awareness
The Company shall:
• Provide regular training to employees on data protection and breach response procedures.
• Raise awareness of common breach indicators and reporting mechanisms.
10.10. Review and Continuous Improvement
10.10.1 Post-Incident Review
The Company shall:
• Conduct a post-incident review to evaluate the effectiveness of the breach response.
• Identify areas for improvement and update the breach procedure accordingly.
10.10.2 Regular Audits
The Company shall:
• Perform regular security audits and assessments to identify vulnerabilities.
• Continuously update and test incident response plans.
10.11. Legal and Regulatory Compliance
The Company shall:
• Ensure compliance with all relevant data protection laws and regulations, including POPIA, and any industry-specific requirements.
• Coordinate with legal counsel to understand obligations and best practices.
10.12. Policy Review
• This policy will be reviewed annually or following a significant data breach incident to ensure it remains current and effective. Revisions will be communicated to all employees and relevant stakeholders.
By adhering to this Data Breach Procedure Policy, UNIFY HEALTH aims to protect sensitive data, maintain customer trust, and comply with legal obligations. All employees are required to familiarise themselves with this policy and act accordingly in the event of a data breach.
Date of last update: 25 September 2024
