Privacy Policy

How UTANO collects, uses, and protects your personal and health information in compliance with POPIA

UTANO Health Care Plan

Effective: August 2025 | Jurisdiction: South Africa & Zimbabwe

This Privacy Policy explains how UTANO Health Care Plan collects, uses, and protects your personal information in compliance with POPIA (Protection of Personal Information Act) and applicable healthcare privacy laws.

1. Information We Collect

Personal Information:

  • Full name and preferred name
  • ID number or passport number
  • Date of birth and gender
  • Contact details (phone, email, address)
  • Emergency contact information
  • Nationality and immigration status (if applicable)

Membership & Health Plan Data:

  • UTANO membership ID and digital member card
  • Payment history and billing information
  • Appointment bookings and clinic visits
  • Service usage and benefit claims
  • Membership preferences and settings

Sensitive Health Information:

  • Medical history and current health conditions
  • Prescription medications and treatments
  • Test results and diagnostic information
  • Consultation notes and healthcare provider communications
  • Allergies and medical alerts
  • Mental health information (where applicable)
  • Family medical history (where relevant)

This sensitive information is collected only with your explicit consent and is protected under the highest security standards.

Payment Data:

  • Transaction details via PayFast, MUKURU, Ozow, or bank transfers
  • Payment method preferences and billing addresses
  • Financial records and payment history
  • Refund and dispute information

Device & Usage Information:

  • IP address and browser information
  • Device type, operating system, and unique device identifiers
  • Mobile app usage patterns and feature interactions
  • Website cookies and tracking data
  • WhatsApp interaction logs and chat history
  • Location data (when permission is granted)

2. How We Use Your Information

UTANO uses your personal information for the following legitimate purposes:

Healthcare Services:

  • Provide health plan services and benefits
  • Facilitate access to partner clinics
  • Coordinate care between providers
  • Maintain continuity of care

Payment Processing:

  • Process monthly payments and renewals
  • Handle financial transactions securely
  • Manage billing and invoicing
  • Process refunds and disputes

Appointment Management:

  • Schedule and manage appointments
  • Send appointment reminders
  • Coordinate with healthcare providers
  • Track appointment history

Communication:

  • Send notifications via email and SMS
  • Provide WhatsApp support
  • Share important health information
  • Deliver mobile app notifications

Additional Uses:

  • Record Keeping: Maintain accurate medical and membership records as required by law
  • Service Improvement: Enhance platform security, user experience, and service quality
  • Legal Compliance: Meet regulatory requirements and legal obligations
  • Research & Analytics: Conduct anonymized research to improve healthcare outcomes (with consent)

3. Information Sharing & Disclosure

UTANO may share your information with the following parties under strict confidentiality agreements:

Authorized Sharing:

  • Partner Clinics & Healthcare Providers: Medical information shared for treatment purposes only, with your consent
  • Payment Processors: PayFast, MUKURU, Ozow, and banking partners for secure transaction processing
  • Regulatory Authorities: When required by law, court order, or regulatory compliance
  • IT & Service Providers: Technical support partners under strict confidentiality agreements
  • Emergency Services: In life-threatening situations where immediate medical attention is required

Important Commitment:

UTANO never sells personal data to third parties for marketing or commercial purposes. Your information is shared only when necessary for healthcare delivery, payment processing, or legal compliance.

Circumstances for Disclosure Without Consent:

  • Legal obligations or court orders
  • Public health emergencies
  • Prevention of serious harm to individuals or the public
  • Law enforcement investigations (with proper legal authority)

4. Data Storage & Security

Security Measures:

  • Industry-standard encryption (AES-256)
  • Secure data centers with 24/7 monitoring
  • Multi-factor authentication systems
  • Regular security audits and penetration testing
  • Encrypted data transmission (SSL/TLS)

Access Controls:

  • Role-based access permissions
  • Strict employee background checks
  • Regular access reviews and audits
  • Immediate access revocation for terminated staff
  • Comprehensive audit trails

Medical Data Protection:

Sensitive health information receives the highest level of protection:

  • Separate encrypted databases for medical records
  • Limited access to authorized healthcare personnel only
  • Additional authentication required for sensitive data access
  • Compliance with healthcare privacy regulations
  • Regular security training for all staff handling medical data

Incident Response:

  • 24/7 security monitoring and incident response team
  • Immediate containment and investigation of security incidents
  • Prompt notification to affected members and authorities as required
  • Regular backup and disaster recovery procedures

5. Your Privacy Rights

Under POPIA and applicable privacy laws, you have the following rights:

Your Rights Include:

  • Access: Request copies of your personal information
  • Correction: Update or correct inaccurate personal information
  • Deletion: Request deletion of your data (where legally permissible)
  • Consent Withdrawal: Withdraw consent for certain data processing activities
  • Portability: Request transfer of your data to another provider
  • Complaints: File complaints with the Information Regulator

How to Exercise Your Rights:

  • Contact our Data Protection Officer at privacy@utanohealthcare.com
  • Submit requests through your member portal
  • Call or WhatsApp our privacy line: +27 70 462 7990
  • Send written requests to our postal address

Response Timeframes:

  • Access requests: Within 30 days
  • Correction requests: Within 30 days
  • Deletion requests: Within 30 days (subject to legal requirements)
  • Complex requests may require additional time with notification

6. Data Retention

Active Membership:

  • Personal data retained throughout active membership
  • Medical records maintained for continuity of care
  • Payment history kept for billing purposes
  • Regular data reviews and updates

Post-Termination:

  • Medical records: 7 years (healthcare regulations)
  • Financial records: 5 years (tax and audit requirements)
  • Personal data: 2 years (legal and operational needs)
  • Marketing data: Deleted immediately upon request

Legal Requirements:

Some information must be retained longer due to:

  • Healthcare regulations and medical record requirements
  • Tax and financial audit obligations
  • Legal proceedings or potential claims
  • Regulatory compliance and reporting requirements

Secure Deletion:

When data is no longer required, it is securely deleted using industry-standard methods to ensure it cannot be recovered or reconstructed.

7. Cookies & Online Tracking

Our digital platforms use cookies and tracking technologies to enhance your experience:

Essential Cookies:

  • Login sessions and authentication
  • Security and fraud prevention
  • Basic website functionality
  • User preferences and settings

Analytics Cookies:

  • Website traffic and usage patterns
  • Feature usage and performance
  • Error tracking and debugging
  • Service improvement insights

Cookie Control:

  • Manage cookie preferences through browser settings
  • Opt-out of non-essential cookies via our cookie banner
  • Clear cookies at any time through browser controls
  • Note: Disabling essential cookies may affect platform functionality

Third-Party Tracking:

We may use third-party services for:

  • Google Analytics (anonymized data only)
  • Payment processor tracking (for fraud prevention)
  • Customer support tools (with consent)

8. Children's Privacy

Minors Under 18:

Personal data from children under 18 is collected only with explicit parental or guardian consent.

  • Parents/guardians must provide consent for data collection
  • Parents/guardians have the right to access their child's information
  • Parents/guardians can modify or delete their child's data
  • Special protections apply to children's sensitive health information

Parental Rights:

  • Review all information collected about their child
  • Request correction of inaccurate information
  • Request deletion of their child's data
  • Withdraw consent for data processing
  • Control communication preferences for their child

9. International Data Transfers

Your data may be transferred outside South Africa and Zimbabwe to:

Transfer Purposes:

  • Cloud storage providers with equivalent data protection standards
  • International payment processors for secure transaction processing
  • Technical service providers supporting our platform infrastructure
  • Backup and disaster recovery services

Transfer Safeguards:

  • Standard Contractual Clauses (SCCs) with all international partners
  • Adequacy decisions for transfers to countries with equivalent protection
  • Binding Corporate Rules for multinational service providers
  • Regular audits of international partners' data protection practices

Your Rights for International Transfers:

  • Request information about where your data is processed
  • Object to transfers to specific countries
  • Request copies of transfer safeguards
  • File complaints about international transfers

10. Policy Updates

Update Process:

  • This Privacy Policy may be updated periodically to reflect changes in our practices or legal requirements
  • Updates will be posted on our website and mobile app
  • Significant changes will be communicated via email, SMS, or push notifications
  • Continued use of UTANO services after updates constitutes acceptance of the revised policy

Notification Methods:

  • Email notifications to registered members
  • SMS alerts for significant changes
  • In-app notifications and banners
  • WhatsApp messages for urgent updates
  • Website banners and pop-up notifications

Your Options:

If you disagree with policy changes, you may:

  • Contact us to discuss your concerns
  • Withdraw consent for specific data processing activities
  • Cancel your membership if changes are unacceptable
  • Request deletion of your data (subject to legal requirements)

11. Contact & Data Protection Officer

For Privacy Questions, Data Requests, or Concerns, Contact:

Data Protection Officer:

  • Email: privacy@utanohealthcare.com
  • WhatsApp Privacy Line: +27 70 462 7990
  • Subject Line: "Privacy Inquiry - [Your Request Type]"

General Contact:

  • General Inquiries: info@utanohealthcare.com
  • Phone: +27 70 462 7990
  • Postal Address: UTANO Health Care Plan, Privacy Department, [Address to be provided]

When Contacting Us, Please Include:

  • Your full name and UTANO membership ID
  • Clear description of your privacy concern or request
  • Preferred method of response (email, phone, WhatsApp)
  • Any relevant documentation or reference numbers

Response Commitment:

  • Initial response within 48 hours
  • Full resolution within 30 days for most requests
  • Regular updates for complex matters
  • Escalation procedures for urgent privacy concerns

12. Information Regulator Contact

If you believe your privacy rights have been violated, you may file a complaint with the relevant authorities:

Information Regulator (South Africa)

  • Email: inforeg@justice.gov.za
  • Website: www.justice.gov.za/inforeg
  • Phone: +27 12 406 4818
  • Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg

Zimbabwe Data Protection Authority

  • Email: [Contact details to be provided]
  • Website: [Website to be provided]
  • Phone: [Phone to be provided]
  • Address: [Address to be provided]

Before Filing a Complaint:

We encourage you to contact us first to resolve privacy concerns. Many issues can be resolved quickly through direct communication with our Data Protection Officer.

  • Document your privacy concern clearly
  • Keep records of all communications with UTANO
  • Allow reasonable time for UTANO to respond and resolve the issue
  • Escalate to regulators if resolution is not satisfactory