Privacy Policy
Effective Date: 1 January 2025 | Last Updated: 2026/05/21
1. Introduction
LYNX Technology Innovations (Pty) Ltd, trading as NuHealth ("NuHealth", "we", "us"), is committed to protecting your personal information in accordance with the Protection of Personal Information Act, 2013 (POPIA) and the Constitution of the Republic of South Africa.
2. Information We Collect
- Identity Information: Name, surname, ID number, date of birth, gender
- Contact Details: Email address, phone number, physical address
- Health Information: Medical history, prescriptions, diagnoses, appointment records
- Financial Information: Payment details (processed securely via PayFast/Ozow)
- Technical Data: Device information, IP address, app usage analytics
3. How We Use Your Information
- Providing telemedicine, pharmacy, and health services
- Processing prescriptions and medicine orders
- Facilitating doctor-patient communications
- Improving our services through anonymised analytics
- Complying with legal and regulatory obligations
- Marketing (only with your explicit consent)
4. Legal Basis for Processing
We process your personal information under the following lawful bases per POPIA Section 11: consent, contract performance, legal obligation, legitimate interest, and vital interest (medical emergencies).
5. Data Sharing
We may share your information with:
- Healthcare providers you consult through NuHealth
- Pharmacies fulfilling your prescriptions
- Payment processors (PayFast, Ozow) for transaction processing
- Regulatory bodies as required by law (HPCSA, SAPC, SAHPRA)
We never sell your personal information to third parties.
6. Data Security
We employ industry-standard security measures including AES-256 encryption at rest, TLS 1.2+ encryption in transit, role-based access controls, regular security audits, and JWT token-based authentication with key rotation support.
7. Your Rights
Under POPIA, you have the right to:
- Access your personal information
- Request correction of inaccurate data
- Request deletion of your account and data
- Object to processing of your information
- Receive a copy of your data (data portability)
- Lodge a complaint with the Information Regulator
8. Data Retention
- Medical records: 5 years after last interaction (Health Professions Act)
- Financial records: 5 years (Tax Administration Act)
- General account data: Until account deletion + 30-day grace period
9. Contact
Information Officer: [email protected]
Information Regulator: [email protected]