Xperia/Medicall Healthcare’s Privacy Notice

This Privacy Notice describes how Xperia/Medicall Healthcare collects, uses, discloses, retains and protects your personal information, in accordance with the Protection of Personal Information Act (POPIA) and other relevant laws.

The Privacy Notice applies to any website, application, form, document, product or service which references this Privacy Notice. It also supplements any other privacy policies which may apply in respect of Xperia/Xperia/Medicall Healthcare entities’ processing of personal information.

POPIA defines personal information as “information which relates to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person”. This includes, but is not limited to, your name, sex, gender, address, contact details, identity number and medical or health information.

Please note that this Privacy Notice may previously have been referred to on this website as a “privacy policy” or “privacy statement” and therefore some documents or forms may still refer to this Privacy Notice as a “privacy policy” or “privacy statement”.

1. Who we are

In this Privacy Notice, any reference to “Xperia”, “Medicall Healthcare”, “the Medicall Healthcare” or “we” refers to one or more of the entities, affiliates or subsidiaries of the Xperia/Medicall Healthcare operating in South Africa.

Xperia Financial Services (PTY) Ltd is a Registered Entity in terms of the Companies Act (2014/114072/07) Trading as Medicall Healthcare, a Licensed Financial Services Provider (FSP 45551) with the FSCA (Financial Sector Conduct Authority) and with Demarcation Exemption (DM1051) through CMS (Council of Medical Schemes)..

2. How we collect information

We collect personal information about you and any other person whose details you provide to us in accordance with the relevant laws, either:

• Directly from you when you complete a product or service application form, electronically, telephonically or by way of a hard copy;
• Indirectly from you when you interact with us electronically by way of our website, apps, or social media channels, which may include the collection of metadata (data about data);
• From Employers and other contracted entities in the context of medical schemes and insurance policies; and
• Where relevant, from third-party sources, such as other entities within and contracted to the group, authorised and Accredited Intermediaries and Call Centre FSP’S on boarded by Xperia Financial Services/Medicall Healthcare and Guardrisk Life (Pty) Ltd or any other Insurer in the future.

We will also collect your information where you have only partially completed and/or abandoned any information which you began to apply to our website and/or other online forms. Given that we already consider you a customer at this stage, we may use this information to contact you in order to remind you to complete outstanding information.

Where we require personal information in order to provide you with our products and services, your failure to provide us with the necessary information will result in Xperia/Medicall Healthcare being unable to provide you with the relevant products and services.

3.Collection of information by third parties

Owners or information system administrators of third-party websites that have links to the Xperia/Medicall Healthcare website, may collect personal information about you when you use these links. Xperia/Medicall Healthcare does not control the collection or use of personal information by third parties and this privacy statement does not apply to third parties. Xperia/Medicall Healthcare does not accept any responsibility or liability for third-party policies or your use of a third-party app, platform or service.

Xperia/Medicall Healthcare also uses certain social networking services such as Facebook, WhatsApp, Instagram and Twitter to communicate with the public and Xperia/Medicall Healthcare clients. When you communicate with Xperia/Medicall Healthcare through these services, that social networking service may collect your personal information for its own purposes. These services may track your use of our digital channels on those pages where the links are displayed. If you are logged into those services (including any Google service) while using our digital channels, their tracking will be associated with your profile with those service providers. These services have their own privacy policies which are independent of Xperia/Medicall Healthcare’s privacy policies and practices. Please ensure that you fully acquaint yourself with the terms of any such third-party privacy policies and practices.

Xperia/Medicall Healthcare will only provide data to third-party information exchange services, for example, the Financial Services Exchange (Pty) Ltd, trading as Astute, with your consent.

4. What information we collect

Your relationship with Xperia/Medicall Healthcare determines the exact nature of the personal information we process, and the purpose for which such personal information is collected and used. However, in many cases, if we are handling your personal information as part of our role as an Underwriting Manager, the personal information we may process includes the following:

• Information about you – for example: your name, identity number, age, gender, date of birth, nationality, occupation, lifestyle, current status of health, medical history and any existing conditions of each person insured.
•  In the event that you make a claim, we may also collect personal information from you about the claim and any relevant third parties. We acknowledge that information about your health is special personal information. Note that we will use that information strictly in accordance with applicable laws and insurance purposes (including assessing the terms of the policy contract, the benefits, dealing with changes to the policy and/or dealing with claims).
• Contact information –for example, your email, address, phone number and postal address.
• Online information – for example, cookies and IP address (your computer’s internet address), if you use our websites, apps and/or social media channels.
• Financial information – we may process information related to payments you make or receive in the context of an insurance policy or claim. We may process information regarding your income, expenses, assets, liabilities, investments, retirement and other financial provisions in the context of providing financial advice and intermediary services.
• Contractual information – for example, details about the policies you hold and with whom you hold them.
• Health information such as smoker status or medical-related issues relevant to a policy or a claim you have made.

In certain instances, we may need consent to process your personal information. If you give us your consent for a specific context, you are free to withdraw this consent at any time. Please note that where you have withdrawn your consent, this will not affect the processing that took place prior to such withdrawal and it will not affect the processing of your personal information where consent is not required.

You may refuse to provide us with your personal information in which case we may not be able to provide you with a relevant service or would have to terminate our business relationship. The supply of certain items of personal information, especially those collected to comply with regulation, is legally mandatory.

5. How we use your information

We have regulatory obligations, including compliance with anti-money laundering legislation, to process your personal information. This includes verifying your identity or the identity of your beneficial owner and/or controlling persons. We are also required by various laws to maintain a record of our dealings with clients.

In order for us to provide clients with the financial products and services they have requested and to notify them of important changes to such products and services, we need to collect, use and disclose the personal information of clients, their representatives, controlling persons of entities, business contacts, staff of clients and service providers.

To the extent permissible under applicable laws, Xperia/Medicall Healthcare may use your information:

• To provide you with our financial products and services, and maintain our relationship with you;
• To conclude and administer your application, which may include underwriting;
• To execute a transaction in accordance with your request;
• To assess, check, and process claims;
• To meet our contractual obligations with you or take steps necessary for the conclusion of a contract with you;
• In relation to administering any securities you may hold in respect of a Xperia/Medicall Healthcare entity (where relevant);
• To comply with legislative and regulatory requirements, including codes of conduct and requirements of our regulators (including the Financial Sector Conduct Authority and Prudential Authority);
• To undertake credit reference searches and/or verification;
• For the detection and prevention of unlawful activity, fraud, money-laundering and loss, including as part of party due diligence required under applicable laws and in terms of Xperia/Medicall Healthcare policies;
• For debt recovery or debt tracing;
• For purposes of online login and authorisation;
• To execute the Xperia/Medicall Healthcare ’s strategic initiatives;
• To perform any risk analysis or for purposes of risk management to you or our business in general;
• To record and/or monitor and have access to your telephone calls (i.e. voice recordings), correspondence and electronic communications to/with us (or any of our employees, agents or contractors) in order to accurately carry out your instructions and requests, to use as evidence and in the interests of crime prevention;
• To maintain the security of our digital channels and systems;
• For statistical analysis and research purposes;
• For audit and record-keeping purposes;
• For purposes of proof and legal proceedings;
• To enhance your experience when interacting with the Xperia/Medicall Healthcare and to help us improve our offerings to you;
• To share with other entities in the Xperia/Medicall Healthcare, so that we can market our financial products and services which we deem similar, with the aim of offering you the opportunity to take up some of the financial products to fulfil your needs, provided that you have not objected to receiving such marketing;
• To conduct market research and provide you with information about our products and services from time to time via email, telephone or other means (for example, invite you to events);
• To process your marketing preferences (where you have unsubscribed from certain direct marketing communications, keeping a record of your information and request to ensure that we do not send such direct marketing to you again);
• To prevent or control the spread of any disease; and
• For any purpose related to and compatible with the above.

6. Sharing your information

Entities within the Xperia/Medicall Healthcare will only share your personal information with third parties if there is a legitimate reason to do so. We may disclose the personal information you provide to us to the following entities:

• Our third-party service providers and other Xperia/Medicall Healthcare entities who are involved in the delivery and/or administration of financial advice products and services;
• Other third parties in relation to the purposes set out under the previous section (How we use your information);
• Other insurers, public bodies and law enforcement (either directly or through shared databases) for fraud detection and prevention; and
• Reinsurers who provide reinsurance services to Xperia/Medicall Healthcare and for each other. Reinsurers will use your personal information to decide whether to provide reinsurance cover, assess and deal with reinsurance claims, and to meet legal obligations.

Xperia/Medicall Healthcare will process and share your personal information with other companies within the Xperia/Medicall Healthcare for the purpose of facilitating your membership to a loyalty or rewards programme. Your personal information may also be shared with third-party suppliers from time to time for the purpose of facilitating and providing benefits to you by way of a loyalty or rewards programme or when needed to fulfil our contractual obligations to you.

Xperia/Medicall Healthcare will not sell, rent, or trade your personal information to any third party. 

Xperia/Medicall Healthcare will share information about you with Accredited and on boarded FSPs/Call Centre’s and Financial advisers that have intermediary agreements with Xperia/Medicall Healthcare. Xperia/Medicall Healthcare may also share information within the Xperia/Medicall Healthcare where it is in Xperia/Medicall Healthcare’s legitimate interest to do so.

Xperia/Medicall Healthcare will disclose information when lawfully required to do so:

• To comply with any relevant legislation;
• To comply with any legal process; and
• By any regulatory authority (for example, the Financial Sector Conduct Authority or Prudential Authority).

On occasion, Xperia/Medicall Healthcare may – for legitimate purposes – share aggregated information with its stakeholders and business partners (for example, demographic data) in a manner that does not identify the persons to whom the information applies. However, Xperia/Medicall Healthcare will not disclose your personal information to third parties unless there is valid processing ground as set out in section 11 of POPIA.

7. Transfer across borders

Some of the persons to whom we disclose your personal information may be situated outside of the Republic of South Africa (RSA) in jurisdictions that may not have similar data protection laws to the RSA. In this regard, we may send your personal information to service providers outside of the RSA for storage or processing on Xperia/Medicall Healthcare’s behalf. However, we will not send your information to a country that does not have information protection legislation similar to that of the RSA, unless we have ensured that the recipient agrees to effectively adhere to the principles for processing of information in accordance with POPIA.

8. Security and storage of information

Xperia/Medicall Healthcare intends to protect the integrity and confidentiality of your personal information and have implemented appropriate technical and organisational information security measures (including, but not limited to, using encryption for transmission of credit card numbers) to keep your information secure, accurate, current, and complete. However, we cannot guarantee the security of any information you transmit to us online and you do so at your own risk.

Where third parties are required to process your personal information in relation to the purposes set out in this notice and for other lawful requirements, we ensure that they are contractually bound to apply the appropriate security practices.

Your personal information in accordance to the FAIS act will be held and used for as long as permitted for legal, regulatory, claims, fraud prevention and legitimate business purposes including for 5 years after cancellation/termination with us..

9. Right of access to information

The Promotion of Access to Information Act (PAIA) coupled with POPIA offer an individual the right to access information held by a public or private body in certain instances. This right can be exercised in accordance with the Xperia/Medicall Healthcare PAIA manual.

10. Correction of your information

In accordance with POPIA, you have a right to correct any of your personal information held by Xperia/Medicall Healthcare. This right should be exercised in accordance with the procedure outlined in the Xperia/Medicall Healthcare PAIA manual.

11. Objection to processing of your information

In accordance with POPIA, you may object to our processing of your personal information on reasonable grounds relating to your particular situation, unless legislation provides for such processing.

12. Marketing

Where you provide your personal information to a Xperia/Medicall Healthcare entity in the context of a sale of one of our products or services, you agree to such Xperia/Medicall Healthcare entity sending you information on news, trends, services, events and promotions for our own similar products and or services, always subject to your right to opt out of receiving such marketing at the time your information is collected and on each subsequent marketing communication thereafter. You may object to receiving direct marketing from Xperia/Medicall Healthcare at any time by contacting the Xperia/Medicall Healthcare Client Care Centre on 010 443 8777

Where you choose to exercise your right to opt out of direct marketing, please allow up to 21 days for Xperia/Medicall Healthcare to effect that change.

13. Clickstream data

In the interests of better customer service, Xperia/Medicall Healthcare may collect anonymous information from visitors to its websites. For example, Xperia/Medicall Healthcare keeps track of the domains from which people visit its website and also measures visitor activity on its website. In the process, Xperia/Medicall Healthcare ensures the information cannot be used to identify you. This information is sometimes known as “clickstream data”. Xperia/Medicall Healthcare or its analytics vendors (including Google Analytics) may use this data to analyse trends and statistics and to provide better customer service.

The information, referred to as traffic data, which may be collected includes:

• Your IP address;
• The search terms you have used;
• The pages accessed on the website and the links you’ve clicked on;
• The date and time you visited the website;
• The referring website (if any) through which you clicked through to our website; and
• The type of website browser you use.

As mentioned, the traffic data is aggregated and not personally identifiable and our website analysis will also respect any ‘do not track’ setting you might have on your web browser.

14. Cookies

We use cookies on our website.

A cookie is a small piece of data that a website stores on the visitor’s computer or mobile device. These data files do not contain personal information, but they do contain a personal identifier that allows us to associate your personal information with a certain device. We do not store any personal information in our cookies that could be read or understood by other web users.

Please note that by deleting or disabling cookies, you may not be able to access certain areas or features of our website.

We use different types of cookies on our website. These cookies may be deleted from your device at different times, such as at the end of your browsing session or after a pre-set amount of time, or they may persist on your device until you delete them.

The different type of cookies we use are:

• Essential cookies: These cookies are required for the operation of our website. Some parts of our website may not work without them.
• Analytical/performance cookies: These cookies allow us to understand how visitors move around our website so that we can improve the way our website works. For example, we use Google Analytics cookies, which report website trends anonymously (i.e. without identifying individual users).
• Social media cookies: These are cookies that integrate with social media platforms.

We use them so that content can be shared from our website to your chosen social media platform.

If you would like to delete or disable cookies, please activate the setting on your browser to refuse some or all cookies. Please note, however, that blocking all cookies will block essential cookies and may affect your ability to access some parts of our website.

How do I disable cookies?

If you do not want to receive a cookie from the website, you have the option of setting your browser to notify you when you receive a cookie, so that you may determine whether to accept it or not. However, please be aware that if you do turn off ‘cookies’ in your browser, you will not be able to fully experience some of the features of the website. For example, you will not be able to benefit from automatic log-on and other personalisation features.

15. Children

While none of Xperia/Medicall Healthcare’s websites are directed at children under 18 years of age, where the Members wish to include their minor children under 21 years of Age, we are required to obtain details of their name, Date of Birth or ID number aswell as their existing medical conditions and whether they are on any pre-existing treatment or medication. Xperia/Medicall Healthcare is committed to complying with all applicable laws aimed at the protection of children and in particular the protection of their personal information. 

This privacy statement was last updated on 29 June 2021. A notice will be posted on the Xperia/Medicall Healthcare website home page whenever the Privacy Notice is materially changed.

Please check the website regularly to ensure that you are aware of the latest version of this Privacy Notice.

16. Questions regarding this statement

Questions, comments and requests regarding this statement may be directed to info@medicallhealth.co.za for clarification.

17. Particulars of Xperia/Medicall Healthcare

Should you have a complaint or concern regarding the processing of your personal information, your complaint may be submitted info@medicallhealth.co.za.

Xperia Financial Services/Xperia/Medicall Healthcare is an Underwriting Manager who is the Product Owner of the Medical Insurance Product (with Demarcation Exemption) and the Licensed Financial Services Provider.

Our head office’s registered address is 9 Fick Street Potchefstroom 2520 

For more information on the Xperia/Medicall Healthcare, please visit our website.

18. The Information Regulator

Whereas we would appreciate the opportunity to first address any complaints regarding our processing of your personal information, you have the right to complain to the Information Regulator, whose contact details are:

The Information Regulator (South Africa)
JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
P.O. Box 31533, Braamfontein, Johannesburg, 2017

Complaints email: complaints.IR@justice.gov.za

General enquiries email: inforeg@justice.gov.za