CASA EVENTS APP

PRIVACY POLICY

Updated: 15 November 2023, version 1.5.1
Developer: SmartMob

The Chiropractic Association of South Africa (CASA, us, we, or the Association) and all service providers (ProfNet and SmartMob) appreciate your use of and contributions to our websites, our mobile and desktop applications, or our related services (collectively known as the “CASA Service(s)”).

We understand your concerns about privacy. So, we want you to understand what types of information we collect on our sites and apps and what may happen to that information.

This is our Privacy Policy and we will comply with it, as well as applicable privacy laws, when we gather and use information from users. We encourage you to read this Privacy Policy to understand how we collect information and what we do with the information we collect from you.

In terms of the Protection of Personal Information Act 4 of 2013 (POPIA), CASA and its Affiliates and Service Providers are committed to upholding the confidentiality and security of your personal information. The information below explains how we collect, use, store, disclose and safeguard your personal information.

1.  CHANGES TO THIS PRIVACY POLICY

We reserve the right in our sole discretion, to revise or supplement this Privacy Policy from time to time to reflect, inter alia any changes in our activities. Where we update the Privacy Policy, we will publish it on our website. Users of the app will be notified by an in-app notification prompting them to review the updated Privacy Policy, which will also be available in the app. It will also be available at our offices. Any revised version of the Policy will be effective as of the date of posting on the website/app and recorded at the start of this Privacy Policy.

2.  WHAT INFORMATION DO WE COLLECT?

We use data minimization and only collect data that is necessary for its stated purpose, and we do not collect excessive or irrelevant information.

Information You Provide to Us:

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information (PII) you provide us, may include:

  • Profile photo (optional) -this requires Camera permissions on your device)
  • ID number (As the unique identifier)
  • Council registration number for the CPD certificate
  • email address
  • first and last name
  • Phone number
  • Delivery address

Financial information related to payment, including name, email address, billing address, credit card information, phone number, and other information necessary to complete a transaction or purchase, record of products or services purchased, and the date the transaction(s) occurred -these are collected via a secure payment gateway (DPO PayGate) and none of your payment information is stored on the CASA systems.

Information We Automatically Collect:

The following usage data is automatically collected:  device manufacturer, device Operating system and version (Android, iOS, Windows), browser type, browser version, the pages of our website that you visit, the time and date of your visit, the time spent on those pages, and other diagnostic data.

We do not collect any information while the app is operating in the background.

3.  HOW AND ON WHAT GROUNDS DO WE USE THE INFORMATION?

The Association uses the collected data for various purposes:

  • To provide and maintain services
  • To notify you about changes to our services
  • To allow you to participate in interactive features of our services when you choose to do so
  • To provide customer care and support
  • To provide analysis or valuable information so that we can improve our services
  • To monitor the usage of the services
  • To detect, prevent and address technical issues

4.  HOW DO WE SHARE AND DISCLOSE INFORMATION TO THIRD PARTIES?

The Association does not sell, rent, or loan any of your PII to any third party.

The Association may disclose your Personal Data in the good faith belief that such action is necessary:

  • To comply with a legal obligation
  • To protect and defend the rights or property of The Association
  • To prevent or investigate possible wrongdoing in connection with the Service
  • To protect the personal safety of users of the Service or the public
  • To protect against legal liability.

5.  WHO ARE THE THIRD-PARTY RECIPIENTS OF YOUR PERSONAL INFORMATION?

The Association may share information with third parties in the following situations:

Service Providers: The Association may share your PII with suppliers and service providers specifically involved in the processing of your information to provide, improve, and personalize services provided. These include SmartMob (the developer and support provider) and ProfNet (our administrator).

Legal Process: We may share your PII with third parties in response to subpoenas, warrants, or court orders, or in connection with any legal process, or to comply with relevant laws.

Legal Claims: We may share your PII with third parties in order to establish or exercise our rights, to defend against a legal claim, to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our policies, or to comply with your request for the shipment of products to or the provision of services by a third-party intermediary.

6.  FOR HOW LONG DO WE STORE YOUR PERSONAL INFORMATION?

We will retain your PII for only as long as you maintain an account or as otherwise necessary to provide you the applicable services. We will also retain your PII as necessary to comply with our legal obligations (to a maximum of 5 years), resolve disputes, and enforce our agreements. Where we no longer need to process your PII for the purposes set out in this Privacy Policy, we will either delete or anonymize your PII in our systems so that it can no longer be attributed to a particular individual. In the event that any residual information, that we are not able to anonymize, remains within our system, we will isolate such information from further processing until deletion or anonymization is possible. If you have any questions, please reach out to us at the contact information in Section 14.

7.  SECURITY

The Association limits third-party access to PII collected on this website. We have security measures in place that we believe are reasonable to help protect against the loss, misuse, and alteration of the information under our control. While we cannot guarantee that loss, misuse, or alteration to data will not occur, we use industry standard cryptography in transmission, such as hypertext transfer protocol secure (“HTTPS”) technology, to help safeguard against such occurrences. The information passed between your device and our system is encrypted with SSL/TLS technology to create a protected connection between your device and our systems to ensure confidentiality. In the event that we are required by law to inform you of a breach to your PII, we may notify you electronically, in writing, or by telephone, if permitted to do so by law within 48 hours of the breach being detected. All possible steps will be taken to minimize the effect of the breach and will include steps such as blocking IP Addresses, temporarily limiting access to the database during the investigation, and updating the security measures and application to prevent future breaches.

Data is stored in a secure database in the Microsoft Azure cloud. Only selected staff members of the developer, with a signed Non-disclosure Agreement (NDA) are allowed access to this environment if required for support and maintenance. Access is also limited to their approved IP Addresses.

8.  YOUR PRIVACY RIGHTS

What choices do you have?

By using the app or service, users are implicitly agreeing to the collection and processing of their personal data. You can always opt not to disclose information. However, some information may be needed to register for the services, for purchases, or to take advantage of certain features and if you opt-out from providing the information, the application limit access to further functionality.

Cookies/Tracking

You can accept or reject cookies for websites associated with us through adjusting your web browser controls.

You can accept or reject tracking for apps associated with us, whether prompted or by going to the appropriate section of your device’s settings.

To turn off tracking on iOS, go to Settings > Privacy > Tracking, then find the appropriate CASA Property and toggle tracking off.

To turn off tracking on Android, go to Settings > Privacy > Tracking, then toggle tracking off.

9.  HOW CAN YOU EXERCISE YOUR DATA SUBJECT RIGHTS?

Accessing Your Data

We take reasonable steps to ensure that your PII is accurate, complete, and up to date. You may access your PII that we hold by contacting the Information Officer. For your protection, we may need to verify your identity before implementing your request. We will try to implement your request as soon as reasonably practicable (targeting to resolve queries within 2 weeks from receipt). You have the right to data portability, and you can request a copy of your data in a commonly used and machine-readable format (e.g. MS Word, CSV or MS Excel) for transfer to another service.

Rectifying Your Data

We rely on you to update and correct your PII, this can be achieved by contacting the Information Officer. Please note that we may keep historical information in our backup files as permitted by law.

Restriction of Processing Your Data

At any point, you may request that we restrict processing of your PII where one of the following applies:

  • If you contest the accuracy of the PII, for a period enabling us to verify the accuracy of the PII;
  • If the processing is unlawful and you oppose the erasure of the PII and request the restriction of their use instead; or
  • We no longer need the PII for the purposes of the processing, but they are required by you for the establishment, exercise, or defence of legal claims.

Deletion of user profile/Erasure of Your Data

You may request the deletion of your PII or user account from our systems. Please use the button provided on the Support page in the app or contact the Information Officer. Deletion is a manual process which will be concluded as soon as possible (but not exceeding 1 week from receiving your request), and you will be informed once the process is complete.

Process to exercise your rights

The Association has an Information Officer that can assist with addressing your rights under this Privacy Policy. Please refer to section 14 for contact details. The process is as follows:

  • Write to the Information Officer (email preferred) stating your specific requirement and also identifying that your request pertains to the CASA Events app
  • Provide a copy of your ID for verification
  • The Association will confirm acceptance of your request
  • The Association will provide feedback as soon as possible but no later than 2 weeks after receipt of your request

 

10. CHILDREN’S INFORMATION

Our services are not intended for anyone under the age of 18 (“Children”). We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your children have provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we will take steps to remove that information from our servers. Consent can be withdrawn by following the steps in Section 8 to delete your data, in which case your access to the app will be revoked.

11. INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION

Your information, including Personal Data, is managed and stored within the borders of the Republic of South Africa as required by POPIA. In some edge cases (such as problem with internet connectivity), your data may be rerouted through an international data link or international server. Please note, that all data in transit is encrypted using the HTTPS protocol to protect your privacy.

14. CONTACT INFORMATION

If you have any questions regarding the contents of this privacy policy, you may address those concerns in writing to:

 

THE INFORMATION OFFICER:

Dr Bridget Bromfield

Tel: 086 188 7772

Email: info@chiropractic.co.za

Physical address: Crossway Office Park 2, 240 Lenchen Ave, Jean Ave, cnr, Centurion, 0157

 

Dispute resolution:

You may also lodge a complaint/dispute with the Information Regulator at “complaints.IR@justice.gov.za”.

We would appreciate it if you would give us the opportunity to see how we can deal with your complaint before you approach the Information Regulator.

 

15. DECLARATION

By your acceptance of the Privacy Policy and your continued use of the Services, you acknowledge:

  • You have read the contents of this policy;
  • You understood the contents of this policy;
  • You are in agreement with the contents of this policy;
  • You have no objections to your personal information being managed in this way by CASA and
  • That you have no questions regarding the contents of this policy.