POPIA POLICY – Get Tested South Africa

POPIA POLICY


1. INTRODUCTION

This manual is prepared in accordance with the Protection of Personal Information Act, 2013 (POPIA) and the Promotion of Access to Information Act, 2000 (PAIA). It serves as a guideline for Get-Tested to manage personal information responsibly and provide data subjects with access to their personal information where required by law.

2. PURPOSE

The purpose of this manual is to outline:

  • The categories of personal information collected and processed by Get-Tested.

  • The procedures for requesting access to personal information.

  • The security measures are in place to protect personal data.

  • The rights of data subjects under POPIA.

3. COMPANY DETAILS

  • Company Name: AW Healthcare (PTY) LTD trading as Get-Tested

  • Information Officer: [Redacted - available upon email request]

  • Email: As per our contact form and/or email sent to you

  • Website: www.get-tested.co.za

4. DEFINITIONS

  • Personal Information: Any information relating to an identifiable natural person, including name, contact details, health information, and biometric data.

  • Data Subject: The individual whose personal information is being processed.

  • Responsible Party: Get-Tested, as the entity processing personal information.

  • Information Officer: The individual responsible for ensuring compliance with POPIA.

5. TYPES OF PERSONAL INFORMATION COLLECTED

Get-Tested collects and processes the following types of personal information:

  • Identification details (Name, ID/passport number, date of birth)

  • Contact details (Phone number, email address, physical address)

  • Medical records (Health history, test results, treatment history)

  • Financial details (Billing information, medical aid details)

  • Online interactions (IP address, cookies, and browsing behavior on Get-Tested’s website)

6. PURPOSE OF PROCESSING PERSONAL INFORMATION

Get-Tested processes personal information for the following purposes:

  • Providing testing services, telehealth services, and related healthcare support.

  • Complying with legal and regulatory obligations.

  • Managing customer relationships and responding to inquiries.

  • Conducting research and improving service offerings.

  • Communicating test results and healthcare recommendations.

7. SECURITY MEASURES TO PROTECT PERSONAL INFORMATION

Get-Tested has implemented security measures to protect personal information from unauthorized access, alteration, or disclosure. These include:

  • Encryption of electronic records.

  • Access control and authentication mechanisms.

  • Secure data storage with limited access to authorized personnel.

8. PROCESS FOR REQUESTING ACCESS TO PERSONAL INFORMATION

8.1 Right of Access to Personal Information

In terms of Section 23 of POPIA and PAIA, a data subject has the right to request access to their personal information held by Get-Tested.

8.2 Submission of Requests

8.2.1 How to Request Access

A request for access to personal information must be made in writing using the Request for Access to Information Form. Please use the Government Gazette (Govt. Notice R187 – 15 February 2002) (Form A).

The completed form must be submitted to the Information Officer using one of the following methods:

  • Email: [redacted to reduce bot activity - please use the email address we use to send information to you]

8.2.2 Required Information for the Request

To ensure timely processing, the request must include:

  1. The requester’s full name, ID number, and contact details (email, phone number, address).

  2. A detailed description of the information required and proof of identity/authorization should the request be for a third party. (example: proof of email, proof of ID for 3rd party)

  3. The preferred format for receiving the information (email, printed copy, USB, etc.).

  4. A certified copy of the requester’s ID/passport for identity verification.

  5. If applicable, proof of authorization (e.g., power of attorney) if the request is submitted on behalf of another person.Please note that all documents should be printed, certified, and couriered to us at your own cost. If any of the documents are missing and/or insufficient, an re-application fee applies.

8.3 Processing of Requests

8.3.1 Acknowledgment of Receipt

Upon receiving a request, the Information Officer will acknowledge receipt within 7 calendar days. If the request is incomplete, the requester will be notified and given 5 working days to provide the missing information.

8.3.2 Evaluation of the Request

  • The request will be reviewed within 30 calendar days to determine if access can be granted.

  • If the request involves third-party information, Get-Tested may notify the third party and allow them 21 days to respond before making a decision.

8.3.3 Granting or Refusing Access

  • If approved, the requester will be informed of:

    • The access fee and administrative fee.

    • How and when they can receive the requested information.

  • If refused, the requester will be provided with written reasons for the refusal and instructions on how to appeal the decision.

8.4 Fees for Accessing Personal Information

8.4.1 Request Fee

  • No request fee is payable if a person is requesting access to their own personal information.

  • A request fee of R500.00 applies when requesting third-party information or when requesting information on behalf of another party.

8.4.2 Fees

Type of Information Fee
Admin Fee 
 R 800
Re-processing fee 
 R 350
USB Copy R 200
Courier delivery R 350

  • A 50% deposit is required before processing.

  • Exemptions: Requesters earning below R14,712 per annum (single) or R27,192 per annum (married/life partnership) are exempt from fees. If this is the case we require a copy of a 3-month bank statement for both parties and an affidavit printed and certified.

8.5 Turnaround Times

Step Timeframe
Acknowledgment of request 10 working days
Request assessment & response 30 working days
Extension (if required) Additional 30 days (with written notice)
Collection/delivery of records Within 7 days of fee payment

8.6 Appeal Process

If access is denied, the requester may:

  1. Submit a written appeal to the Information Officer within 30 days of refusal.

  2. If still unsatisfied, escalate the complaint to the Information Regulator:

    Information Regulator of South Africa