BodyGoals is owned by Health Window (Pty) Ltd (“BodyGoals”, “Health Window”, “we”, “us” or “our”). Health Window is co-owned by Dis-Chem Pharmacies Group. Health Window collects and processes the personal information of anyone who accesses our website and/or chooses to become our customer/client as well as from your day-to-day dealings with us (“you” or “your”).
By providing us with your Personal Information, you:
- agree to this Policy and authorise us to process such information as set out herein; and
- authorise BodyGoals / Health Window (inclusive of Dis-Chem Pharmacies Group), our Service Providers and other third parties to Process your Personal Information for the purposes stated in this Policy.
Personal Information, in terms of the Protection of Personal Information Act, 4 of 2013 (“POPIA”), means “information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person”. South Africa’s Constitution, Act 108 of 1996, provides that everyone has the right to privacy. This includes the right to protection against the unlawful collection, retention, dissemination and use of your personal information.
Because of the sensitivity of some personal information, we ensure that the way we process your Personal Information complies fully with POPIA and have implemented reasonable organisational and technical controls as a result.
2. Collection of Personal Information
We may collect or obtain Personal Information about you in the following ways:
- Through direct or active interactions with you;
- In the course of our relationship with you;
- Through automated or passive interactions with you;
- When you interact with our website, the online course/programme and/or our various social media platforms;
- From third parties;
- Public sources; and
- Website usage information may be collected using “cookies” which allows us to collect standard internet visitor usage information.
Types of Personal Information we may collect:
- Identity information;
- Contact information;
- Transaction information;
- Technical information;
- Usage Information;
- Location information; and
- Marketing and communications information.
3. Legal Basis for Processing
When we process your personal information in connection with the purposes set out herein, we may rely on one or more of the following legal bases, depending on the purpose for which the processing activity is undertaken and the nature of our relationship with you:
- Your consent to the processing of your Personal Information;
- Processing of the information is necessary for the performance of a contract or of a legal obligation;
- Processing is necessary for the protection of our and your legitimate interests.
4. Purposes of Processing
We will primarily use your Personal Information only for the purpose for which it was originally collected. We will use your Personal Information for a secondary purpose only if such purpose constitutes a legitimate interest and is compatible with the primary purpose for which the Personal Information was collected.
You agree that we may process your Personal Information for the following, but not limited to:
- Operating our business;
- Complying with compulsory requirements under relevant laws;
- To retain and make information available to you on our website;
- To establish and verify your identity on the website;
- Fraud prevention;
- Complying with information requests from the Information Regulator;
- To conduct market research surveys and other marketing activities;
- For security, administrative and legal purposes;
- To manage risks; and
- To improve customer/client experience, specifically in the context of care co-ordination.
We may also collect and process aggregated data, which may include historical or statistical data for any purpose, including for know-how and research purposes. For such purpose, your personal information will be used in a deidentified basis only.
We will not intentionally collect and process the Personal Information of a child unless we have the permission of a guardian or competent person (as defined by POPIA).
5. Sharing of Personal Information
We will ensure that your Personal Information is processed in a lawful manner and that the third parties or we do not infringe your privacy rights. In the event that we ever outsource the processing of your Personal Information to a third party operator, we will ensure that the operator processes and protects your Personal Information using reasonable technical and organisational measures that are equal to or better than ours.
We may also disclose your Personal Information to third parties if we are under a duty to disclose or share such information to comply with any legal obligation or to protect the rights, property or safety of BodyGoals, its customers/clients and others.
6. International Transfer of Personal Information
We will not ordinarily transfer any Personal Information collected from you outside the borders of South Africa.
In the event that we transfer or store your Personal Information outside South Africa, we will take all steps reasonably necessary to ensure that the third party who receives your Personal Information is subject to a law or binding agreement which provides an adequate level of protection.
7. Data & Payment Security
We have implemented appropriate technical and organisational security measures to protect your Personal Information that is in our possession against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, in accordance with applicable law.
8. Data Retention
We will retain your personal information for as long as is necessary to fulfil the purpose for which it was collected unless a longer retention period is required to comply with legal obligations or another legitimate obligation, unless we have your consent to process it indefinitely.
9. Data Accuracy
The Personal Information provided to us should be accurate, complete and up-to-date. Should Personal Information change, the onus is on the provider of such data to notify us of the change and provide us with the accurate data.
10. Data Minimisation
We will restrict its processing of Personal Information to data which is sufficient for the fulfilment of the primary purpose and applicable legitimate purpose for which it was collected.
You have the right to have your personal information processed lawfully. Your rights include the right:
- to be notified that your Personal Information is being collected or that your Personal Information has been accessed or acquired by an unauthorised person e.g. where a hacker may have compromised our computer system;
- to find out whether we hold your Personal Information and to request access to your Personal Information;
- to request us, where necessary, to correct, destroy or delete your Personal Information;
- to object, on reasonable grounds, to the processing of your Personal Information;
- to object to the processing of your Personal Information for purposes of direct marketing, including by way of unsolicited communications;
- not to be subject, in certain circumstances, to a decision which is based solely on the automated processing of your Personal Information;
- to submit a complaint to the Regulator if you believe that there has been interference with the protection of your Personal Information; and
- to institute civil proceedings against us if you believe that we have interfered with the protection of your Personal Information.
12. Direct Marketing
We may process Personal Information for the purpose of direct marketing and providing you with information that may be of interest to you. We and/or our parent companies will only send you direct marketing materials if you have specifically opted-in to receive these materials, or if you are a customer/client of ours, at all times in accordance with applicable laws.
You may unsubscribe at any time. If you opt out of receiving marketing related communications from us, we may still send you administrative messages which is necessary as part of services.
13. Contact Details of the Information Regulator and Queries
You may contact our Information Officer at: firstname.lastname@example.org / email@example.com
You may contact the Information Regulator at: Information Regulator
Tel: 012 406 4818
Fax: 086 500 3351