Privacy Policy and Consent to Processing of Personal Information

1. For the purpose of this policy, the following words shall bear the following meanings:

1.1. "Data Breach" means any incident in terms of which reasonable grounds exist to believe that the Personal Information of a Data Subject has been accessed or acquired by any unauthorised person;

1.2. "Data Protection Legislation" means any and all laws relating to the protection of data or of Personal Information relevant to a person, any applicable law relating to the Processing, privacy, and use of Personal Information including POPIA, and any corresponding or equivalent national laws or regulations; or approved codes of conduct or approved certification mechanisms issued by any relevant regulatory authority and the protection of Personal Information;

1.3. "Data Subject" means the person (whether natural or juristic) to whom personal information relates, being the Member;

1.4. "Information Officer" means the head of a private body as contemplated in section 1 of PAIA;

1.5. "Information Regulator" means the regulatory body established in terms of Section 39 of POPIA, charged with enforcing compliance with POPIA;

1.6. "Intellectual Property" means any know-how (not in the public domain), invention (whether patented or not), design, trade mark (whether or not registered), or copyright material (whether or not registered), processes, process methodology (whether patented or not), and all other identical or similar Intellectual Property as may exist anywhere in the world which is not in the public domain and any applications for registration of such Intellectual Property;

1.7. "PAIA" means the Promotion of Access to Information Act, No. 2 of 2000;

1.8. "Personal Information" means any information which can be used or reasonably used to identify or which relates to a Data Subject, or as otherwise defined under applicable Data Protection Legislation;

1.9. "POPIA" means the Protection of Personal Information Act, No. 4 of 2013 and all regulations thereto;

1.10. "Privacy Policy" shall have the meaning ascribed thereto in clause 3.1.2 of the Patient-Member Terms & Conditions;

1.11. "Process" shall have the meaning ascribed thereto in applicable Data Protection Legislation;

1.12. "Responsible Party" means a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for Processing Personal Information; and

1.13. "Special Personal Information" means the special category of Personal Information as referred to in section 26 of POPIA.

2. In order to provide the Platform and related Services to the Member, Infinity Medical Concierge shall be exposed to and process the Member's Personal Information, which may include Special Personal Information and, therefore, Infinity Medical Concierge hereby undertakes to adhere to POPIA and the Privacy Policy to ensure that the Member's Personal Information which is obtained and Processed through the use of the Platform is kept private and confidential.

3. Generally, Infinity Medical Concierge will store all the Member’s Personal Information for purposes of facilitating the interaction between the Member and the HCPs.

4. Infinity Medical Concierge may store the health records (such as family information and relationships, patient notes, past medical history, medications, allergies, health metrics (from wearables (e.g., fitness devices or activity trackers)) and diagnostic test results) of the Member, including the notes made by the HCPs in respect of that Member.

5. Further, it is specifically acknowledged that all calls and other interactions between the Member and Infinity Medical Concierge may be recorded and such recordings will be stored in the Member's file.

6. Infinity Medical Concierge will, through the Platform, provide access to the Member’s health records to the Member's elected HCPs, and such access will include the notes of other HCPs who have consulted with the Member. The purpose of this is to ensure that each authorized HCP is able to have a complete picture of the Member’s health and healthcare and that, in case of an emergency, all records are easily accessible. The Member acknowledges that incomplete sharing of information may have an impact on the care rendered. The Member hereby consents to such Processing. Such access may be revoked by the Member at any stage via written consent between Infinity Medical Concierge and the Member.

7. All Members’ information is stored by a third party contracted to Infinity Medical Concierge for such purpose on a server based in Ireland, and this constitutes transborder information transfer as governed by section 72 of POPIA. To that effect, Infinity Medical Concierge has entered into an agreement with such third party, being SDFC Ireland Limited and Microsoft Ireland Operations Limited, to ensure that the Personal Information of the Member is processed and specifically stored, in line with the principles entrenched in POPIA and the Privacy Policy.  The Member acknowledges that such third party may, from time to time, gain access to and Process the Member's Personal Information and hereby consents to such Processing.

8. The Member consents to the Processing, in general and specifically to the storage and use of the Personal Information (which may include Special Personal Information), and such consent is given on the following basis:

8.1. to provide the elected HCPs with a complete health record for each Member, which will be used by the HCPs to update the health and wellness plan, to track patient progress and to ensure readily available information in cases of emergencies;

8.2. to provide HCPs with high-level patient information when booking appointments;

8.3. Infinity Medical Concierge and/or its designated emergency service provider may access the Member’s health records in an emergency so as to assist in the care to be rendered to the Member;

8.4. Infinity Medical Concierge will respect the Member's wishes in relation to the person whose details the Member provided to Infinity Medical Concierge to consent to care, when the Member is unable to; and

8.5. to ensure that each Member's elected HCPs are able to have a complete picture of the Member’s health and healthcare and that, in case of an emergency, all records are easily accessible.

9. Infinity Medical Concierge's Information Officer is Antony Seeff. Please contact him at info@infinity-mc.com, should you wish to exercise any of your Data Subject access rights under POPIA, including in cases of Personal Information changes, opt-outs, information destruction and any matter pertaining to the Personal Information used as part of the Platform.

10. Infinity Medical Concierge will keep the information obtained as part of maintaining the Platform for as long as it is necessary to achieve the purpose for which it was collected, unless further retention is permitted in terms of Data Protection Legislation or other exceptions under POPIA apply. Where Infinity Medical Concierge retains Personal Information for longer periods for statistical, historical or research purposes, Infinity Medical Concierge will procure that appropriate safeguards have been put in place to ensure that all recorded Personal Information will continue to be Processed in accordance with Data Protection Legislation. Further, once the purpose for which the Personal Information was initially collected and Processed no longer applies or becomes obsolete, Infinity Medical Concierge will ensure that the Personal Information is deleted, destroyed or de-identified sufficiently so that a person cannot re-identify the Data Subject. The Data Subject acknowledges that in instances where Infinity Medical Concierge de-identifies a Data Subject's Personal Information, Infinity Medical Concierge may use such de-identified information indefinitely.

11. In the event of a Data Breach, Infinity Medical Concierge will address any such Data Breach in accordance with POPIA.

12. Where Personal Information relating to someone other than the Member is provided to Infinity Medical Concierge as part of the Member's access to the Platform and consumption of related Services, the Member warrants that it is authorised to provide such Personal Information to Infinity Medical Concierge and hereby authorizes Infinity Medical Concierge to Process such Personal Information for purposes related to these Terms and Conditions. In this regard, the Member indemnifies Infinity Medical Concierge for any failure to comply with this clause 2.

13. When Membership terminates, the Member may download all of his/her Personal Information from the Platform. No guarantees can be made in relation to the future availability or accessibility of information not so downloaded from the system, and such information may be destroyed after termination of Membership.

14. If a Member terminates his/her Membership, the HCPs with whom the Platform has linked the Member will be informed of that fact and the Member will be provided with an opportunity to download the information the Member has created and/or maintained on the Platform.

15. A recordal of the Member's rights under POPIA is attached hereto as Appendix A.  

APPENDIX A: THE RIGHTS UNDER THE POPI ACT OF PERSONS WHOSE PERSONAL INFORMATION IS PROCESSED BY REFUAH MEDICAL SERVICES (PTY) LTD (“RESPONSIBLE PARTY”)

You have the right, at any time to:

1. Notification that includes:

a. when personal information is being collected,

b. the type of information collected,

c. for what purpose,

d. whether the information is to be supplied voluntarily or its collection is mandatory, and

e. whether the information would be transferred to a third country and the protections afforded there;

2. Notification if there has been unlawful access or acquisition of your Personal Information;

3.  Request a record of your Personal Information;

4.  Request the *correction, *deletion and/or *destruction of your Personal Information;  

5.  Object to the processing of Personal Information;

6.  Exercise the right to withdraw the consent to processing, if voluntarily given (i.e. if not required by a law);

7.  Not be subjected to unsolicited electronic communication and/or marketing, unless you are a customer with whom the Responsible Party has a sales or service record, or the person has consented to the communication and the person has had an opportunity to object to the communication;

8.  Not be subjected to automated decision-making based on the personal information in contravention of section 71, POPI Act, i.e. where information is used to, for example, decline benefits or services automatically;

9.  Submit a complaint to the Information Regulator; and

10. Institute civil proceedings regarding an alleged interference with his/her/its personal information in terms of section 99, POPI Act.

*Any correction, deletion and/or destruction will not be possible if:

- the law requires (longer) retention, prohibits deletion or destruction, or

- it results in the inability of a contracting party to fulfil their rights and obligations, or

- it results in the unintended termination of an Agreement.

# Notification of access will also not be given in instances where it would detract from legal processes or the like.

For any queries or concerns, please contact our Information Office:

Information Officer: Antony Seeff

Email: antony@infinity-mc.com

Tel: 087-330-7000

Deputy Information Officer: Avi Rozowski

Email: avi@infinity-mc.com

Tel: 087-330-7000