The policy represents the company‘s commitment to compliance with its obligations under the Protection of Personal Information Act 4 of 2013 (“POPI”).
The processing of personal information:
We provide this policy in accordance with POPI, detailing the lawful approach we take in the collection of information and in regard to the management, use and processing of all information collected from you and other legitimate sources and all subsequent dealings with your lawful representatives and other entities listed in this policy.
In the course of our business we only process personal information in relation to our clients in terms of the services requested by them, which will be detailed in the agreement between us (“the lawful purpose”).
The types of personal information collected and processed:
We gather information about yourself and or the organisation you represent primarily from your client and in some instances from you or your organisation as well.
Why we Process Personal Information
We Process Personal Information:
in order to provide a service to you and your client.
to ensure information that you submit, use or view is applicable to you in reference to the service you provide your client and the corresponding payment claims you submit for processing.
What laws authorize us to collect personal information?
We are authorized to collect your personal information, for a lawful purpose, by POPI. In order to access/collect/process your information, we act on your behalf as the “responsible party” requesting access to your information under South African legislation.
How we collect personal information:
We collect personal information in South Africa from these possible legitimate sources:
from your "client" in reference to the service(s) you provide them from your organisation or an authorized representative of such
Please note, depending on circumstances, we may choose not to collect information from all these sources.
Parties we share your information with:
We only share your information with your client as outlined in the
How we hold personal information securely:
All content and data collected, stored and processed is done so using Data Encryption and provided by 3rd party services who comply with the EU General Data Protection Regulation (GDPR)
Our 3rd party services encrypt data in transit using HTTPS and logically isolate customer data. In addition, data is also encrypted at rest.
Innovative Thinking and its 3rd party services restricts access to a select employee who have a business purpose to access personal data.
All of our 3rd party services have successfully completed the ISO 27001 and SOC 1, SOC 2, and SOC 3 evaluation process, and some have also completed the ISO 27017 and ISO 27018 certification process
How you may complain about our failure to comply with POPIA:
You can Contact Us through the linked form
Or you can email us at firstname.lastname@example.org