Keep in touch
Subscribe to TB HIV Care’s newsletter
TB HIV Care
TB HIV Care NPC – Privacy notice
This privacy notice provides details of the personal information we collect from you, what we do with it, how you might access it and who it might be shared with.
Our organisation
TB HIV Care NPC
7th Floor, 11 Adderley Street, Cape Town, 8000, South Africa
Telephone: +27214250050
Organisation email: dio@tbhivcare.org
ATTENTION all children
THIS IS A VERY IMPORTANT NOTICE WHICH WE MUST SHARE WITH YOU AND ANY ONE OF YOUR PARENTS OR LEGAL GUARDIANS. TO MAKE USE OF OUR SERVICES, WE NEED INFORMATION WHICH IS PERSONAL TO YOU. FOR EXAMPLE, YOUR NAME, YOUR EMAIL ADDRESS AND YOUR PHONE NUMBER. IT MIGHT BE SO THAT WE CANNOT USE YOUR INFORMATION UNLESS YOUR PARENT AGREES. PLEASE TELL YOUR PARENTS TO READ THE NOTICE BELOW.
ATTENTION all parents / legal guardians
IN ORDER FOR CHILDREN TO MAKE USE OF OUR SERVICES WE NEED TO USE THEIR PERSONAL INFORMATION AND FOR THIS WE ARE REQUIRED BY LAW TO OBTAIN THE CONSENT OF A PARENT OR LEGAL GUARDIAN. BEFORE DECIDING ON CONSENT IT IS IMPORTANT FOR PARENTS TO UNDERSTAND OUR INFORMATION SECURITY AND PRIVACY POLICIES. IT IS EQUALLY IMPORTANT FOR PARENTS TO EXPLAIN TO CHILDREN, THE IMPLICATIONS OF NOT PROVIDING OUR ORGANISATION WITH THE PROPER CONSENT. A LINK TO OUR CONSENT FORM CAN BE FOUND WHEREVER WE COLLECT PERSONAL INFORMATION OF CHILDREN.
What we do with your personal information
We use your personal information for the purpose for which it is collected. Among others, this purpose could be to provide a service, assist us with administration, recruit prospective employees or even to comply with a legal obligation. We may use your personal information for other similar purposes, including research purpose, marketing and communications, but that will only occur in the case where we have your consent or another lawful justification for doing so.
From our service beneficiaries, including children, we collect, use and retain personal information for the following purposes and periods, with the applicable lawful basis:
| Processing purpose | Lawful basis | Retention period |
|---|---|---|
| Awareness creation on how to live and prevent contracting HIV and TB | S11 – We have the data subject’s and / or competent persons consent, where necessary | In accordance with records retention policy |
| Medical screening and tracking | S11 – We have the data subject’s and / or competent persons consent, where necessary S11 – We must comply with a legal obligation. |
In accordance with records retention policy |
| Maintaining a do-not contact list | S11 – We, the Responsible Party must comply with a legal obligation | In accordance with records retention policy |
| Clinical and social services: referrals, consultation, examination and treatment, where applicable | S11 – We have the data subject’s and / or competent persons consent, where necessary | In accordance with records retention policy |
| Satisfaction survey | S11 – We have the data subject’s and / or competent persons consent, where necessary | In accordance with records retention policy |
| HIV self-screening and index | S11 – We have the data subject’s and / or competent persons consent, where necessary | In accordance with records retention policy |
| Case management | S11 – We have the data subject’s and / or competent persons consent, where necessary and S14 – It is in the public interest |
In accordance with records retention policy |
| Medical treatment, prescription and referrals | S11 – We have the data subject’s and / or competent persons consent, where necessary and S14 – It is in the public interest |
In accordance with records retention policy |
| De-duplication | S11 – It is in our organisation’s legitimate interest (Organisation operations and due diligence) | In accordance with records retention policy |
| Contact tracing | S11 – We have the data subject’s and / or competent persons consent, where necessary | In accordance with records retention policy |
| Strategic information and research | S15 – For historical, statistical or research purposes; not to be published in identifiable form | In accordance with records retention policy |
| Awareness creation on how to live and prevent contracting HIV and TB | S11 – It protects a legitimate interest of the data subject | In accordance with records retention policy |
| Clinical training | S11 – We, the Responsible Party must comply with a legal obligation and S11 – To conclude or perform a contract to which the data subject is party |
In accordance with records retention policy |
| Auditing and taxation services | S11 – We, the Responsible Party must comply with a legal obligation | In accordance with records retention policy |
| Compliance (SITA, QCTO, employment equity and BEE) | S11 – We, the Responsible Party must comply with a legal obligation | In accordance with records retention policy |
| Donor administration | S11 – We, the Responsible Party must comply with a legal obligation | In accordance with records retention policy |
| Membership administration and management | S11 – To conclude or perform a contract to which the data subject is party | In accordance with records retention policy |
| Student enrolment and ongoing administration (including examinations and assessments) | S11 – To conclude or perform a contract to which the data subject is party | In accordance with records retention policy |
| Targeted testing (including index testing and SNS) | S11 – We have the data subject’s and / or competent persons consent, where necessary | In accordance with records retention policy |
| Provision of intermittent care | S11 – We have the data subject’s and / or competent persons consent, where necessary | In accordance with records retention policy |
| Programmatic data requirement | S11 – It is in our organisation’s legitimate interest (Organisation operations and due diligence) | In accordance with records retention policy |
| Paediatric risk screening | S11 – We have the datav subject’s and / or competent persons consent, where necessary | In accordance with records retention policy |
| Medical consultation and examination | S11 – We have the data subject’s and / or competent persons consent, where necessary | In accordance with records retention policy |
From our sub-recipients, including community-based organisations, we collect, use and retain personal information for the following purposes and periods, with the applicable lawful basis:
| Processing purpose | Lawful basis | Retention period |
|---|---|---|
| Funding administration, procurement onboarding, budget management contract management and funder compliance (for example reporting purposes) | S11 – To conclude or perform a contract to which the data subject is party | In accordance with records retention policy |
| Cash flow management and payments | S11 – To conclude or perform a contract to which the data subject is party | In accordance with records retention policy |
| Auditing and taxation services | S11 – We, the Responsible Party must comply with a legal obligation | In accordance with records retention policy |
From our consultants, service providers and suppliers, we collect, use and retain personal information for the following purposes and periods, with the applicable lawful basis:
| Processing purpose | Lawful basis | Retention period |
|---|---|---|
| Contract administration, procurement onboarding, contract management and compliance | S11 – To conclude or perform a contract to which the data subject is party | In accordance with records retention policy |
| Budgeting, cash flow management and payment purposes | S11 – To conclude or perform a contract to which the data subject is party | In accordance with records retention policy |
| Monitoring and reporting | S11 – To conclude or perform a contract to which the data subject is party | In accordance with records retention policy |
| Compliance (BEE) | S11 – We, the Responsible Party must comply with a legal obligation | In accordance with records retention policy |
| Compliance (SITA) | S11 – We, the Responsible Party must comply with a legal obligation | In accordance with records retention policy |
| Auditing and taxation services | S11 – We, the Responsible Party must comply with a legal obligation | In accordance with records retention policy |
| Preferred supplier/ service provider list | S11 – It is in our organisation’s legitimate interest (organisation operations and due diligence) | In accordance with records retention policy |
From our prospective employees we collect, use and retain personal information for the following purposes and periods, with the applicable lawful basis.
| Processing purpose | Lawful basis | Retention period |
|---|---|---|
| Employee recruitment | S11 – We have the data subject’s consent | In accordance with records retention policy |
| Prospective employee criminal and credit checks (verification) | S11 – We have the data subject’s consent | In accordance with records retention policy |
| Prospective employees (reference checks) | S11 – We have the data subject’s consent | In accordance with records retention policy |
| Do not re-employ list | S11 – We have the data subject’s consent | In accordance with records retention policy |
From our volunteers and students we collect, use and retain personal information for the following purposes and periods, with the applicable lawful basis:
| Processing purpose | Lawful basis | Retention period |
|---|---|---|
| Volunteer management | S11 – To conclude or perform a contract to which the data subject is party | In accordance with records retention policy |
| Medical screening | S11 – We, the Responsible Party must comply with a legal obligation | In accordance with records retention policy |
| Supervision | S11 – To conclude or perform a contract to which the data subject is party | In accordance with records retention policy |
| Compliance (SITA, QCTO and BEE) | S11 – We, the Responsible Party must comply with a legal obligation | In accordance with records retention policy |
| Student enrolment and ongoing administration | S11 – To conclude or perform a contract to which the data subject is party | In accordance with records retention policy |
| Student examinations and assessments | S11 – To conclude or perform a contract to which the data subject is party | In accordance with records retention policy |
| Student transfers and exits | S11 – To conclude or perform a contract to which the data subject is party | In accordance with records retention policy |
| Donor administration | S11 – To conclude or perform a contract to which the data subject is party | In accordance with records retention policy |
From our employees beneficiaries we collect, use and retain personal information for the following purposes and periods, with the applicable lawful basis:
| Processing purpose | Lawful basis | Retention period |
|---|---|---|
| Membership administration and management | S11 – We, the Responsible Party must comply with a legal obligation | In accordance with records retention policy |
What personal information do we collect?
We only collect the minimum amount of information that is relevant to the purpose. If you interact with us on the internet, the personal information we collect depends on whether you just visit our website or, use our services. If you visit our website, your browser transmits some data automatically, such as your browsing times, the data transmitted and your IP address. If you use our services, personal information is required to fulfil the requirements of that service. Generally, we collect the following personal information. If there is any specific personal information to collect, we will indicate as such, at or near the time of collection.
- Accreditation documents
- Age
- B-BBEE verification certificates
- Company references
- CIPC Company documents
- Company registration documents
- Club numbers
- Contact details: physical address, telephone number and email address
- Date of birth
- Education history
- Employment history
- EMP201 documentation
- Financial & banking details
- Gender
- Identification number
- Name and surname
- NPO certificate
- Online identifier
- Patient file number
- Passport or refugee number
- Personal opinions, views or preferences
- Position
- Prison number
- Salary slips
- Sexual contact details
- Staff number
- Tax numbers & IRP5 documentation
- VAT number
Special personal information could be about your health, your racial or ethnic origin, your trade union membership etc. We collect the following special personal information, under the appropriate lawful basis.:
- Race or ethnic origin
- S29 – We comply with provisions concerning a data subject’s race or ethnic origin
- S27 – We have the data subject’s consent
- S27 – For historical, research or statistical purposes, with appropriate guarantees to privacy
- Health or sex life
- S32 – We comply with provisions concerning a data subject’s health or sex life
- S27 – For historical, research or statistical purposes, with appropriate guarantees to privacy
- S27 – We have the data subject’s consent
- Biometric information
- S27 – We have the data subject’s consent
- S33 – We comply with provisions concerning a data subject’s criminal behaviour or biometric information
- Criminal behaviour – allegations
- S27 – We have the data subject’s consent
- Political persuasion
- S27 – We have the data subject’s consent
We collect your personal information from the following indirect sources
| Data subject type | Personal information type | Indirect source name |
|---|---|---|
| Beneficiaries | Name, surname, date of birth, gender, passport and identity number, prison number, patient file number, age, physical address, telephone number, educational institution, email address |
|
| Prospective employee | Name, surname, position, date of birth, gender, salary slips, passport and identity number, age, physical address, educational institution, employment history, email address |
|
Who might we share your personal information with?
To maintain and improve our services, your personal information may need to be shared with or disclosed to our service providers, other organisations such as ours or, in some cases, public or legal authorities.
We transfer personal information to the following organisations and countries:
| Data subject type | Organisation type | Type | Country |
|---|---|---|---|
| Sub-recipients, consultants and service providers | Auditors | Responsible party | South Africa |
| Sub-recipients, consultants and service providers | Donors | Responsible party | South Africa, United States of America, Belgium |
| Sub-recipients, consultants and service providers | BEE partners | Operator | South Africa |
| Sub-recipients, consultants and service providers | National and provincial departments (health, SETA’s) | Responsible party | South Africa |
| Sub-recipients, consultants and service providers | Third party storage | Operator | South Africa |
| Volunteers | National departments (health and labour) | Responsible party | South Africa |
| Volunteers | Donors | Responsible party | South Africa, United States of America, Belgium |
| Beneficiaries | Donors | Responsible party | South Africa, United States of America, Belgium, Netherlands |
| Beneficiaries | Sub-recipients | Responsible party / operator | South Africa |
| Beneficiaries | Online health platforms | Operator | South Africa |
| Beneficiaries | National and provincial departments (health, social development, laboratory) | Responsible party | South Africa |
| Beneficiaries | Third party storage | Operator | South Africa |
| Beneficiaries | Auditors | Responsible party | South Africa |
| Beneficiaries | Contracted medical service providers (for example circumcision and opioid substitution or agonist treatment) | Operators | South Africa |
| Beneficiaries | Training services providers | Operators | South Africa |
| Beneficiaries | Research institutions | Responsible party and operators | South Africa, United States of America, United Kingdom |
| Prospective employees | Screening and vetting | Operator | South Africa |
If we transfer your personal information outside of South Africa, we apply the necessary safeguards which include, confirming whether the receiving country has the proper data protection law, ensuring that there is a binding agreement between parties or, if the transfer is internal to our organisation, commitment to binding corporate rules.
Details of these safeguards may be obtained by contacting us directly.
How do we look after personal information?
We limit the amount of personal information collected to only what is fit for the purposes as described above. We restrict, secure and control all of our information assets against unauthorised access, damage, loss or destruction; whether physical or electronic. We retain personal information only for as long as is described above, to respond to your requests, or longer if required by law. If we retain your personal information for historical or statistical purposes we ensure that the personal information cannot be used further. While in our possession, together with your assistance, we try to maintain the accuracy of your personal information.
Other security measures include:
- Access control;
- Encryption;
- Regular risk assessments;
- Ongoing integrity, availability and resilience;
- Ability to restore the availability and access; and
- Testing, assessing and evaluating the effectiveness of these adopted measures.
Your rights
Access
You have the right to request access to any of your personal information we may hold.
Objection
When we collect your personal information, you have the right to object to us processing your personal information.
Correction
You have the right to request that we correct, update, destroy or delete your personal information if the personal information is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained unlawfully.
If we no longer have the authority to retain your personal information you may request that we destroy or delete your personal information at any time and free of charge.
If you would like to make a request for access:
Please complete the data subject access request at the following link:
Please contact us using the information provided below.
If you would like to request that we correct, update, destroy or delete your personal information:
- Please complete the data subject access request at the following link:
- Please complete Form 2 and submit this form together with your ID to the contact details provided below.
If you would like to object to us processing your personal information:
- Please complete the data subject access request at the following link:
- Please complete Form 1 and submit this form together with your ID to the contact details provided below.
Our Information Officer
Harry Hausler
Address:
7th floor, 11 Adderley Street, City of Cape Town, Cape Town, 8001
Email address:
dio@tbhivcare.org
Telephone:
(021) 425 0050
Our Deputy Information Officer
Yumna Gamieldien
Address:
7th floor, 11 Adderley Street, City of Cape Town, Cape Town, 8001
Email address:
dio@tbhivcare.org
Telephone:
(021) 425 0050
The SA Information Regulator
You have the right to lodge a complaint with the SA Information Regulator.
Footer logo
Shapcommunity logo
