Privacy Notice

Privacy Notice

Compsol Client Privacy Notice

Protecting your personal information is as important to us as it is to you. You trust us with your patient and employee information, and we respect that trust. For us, it is more than just complying with legislation; it is about supporting your business to protect and use information effectively and efficiently. This privacy notice explains why and how we collect, use and store personal information. If you have any questions, please contact us at popia@compsol.co.za 

This notice was last updated on 21 June 2021.

1. what this notice is about

We want you to understand who you are sharing your personal information with, what kind of information we are collecting and how we use the information.

This notice is for:

  • users of eCOIDA (medical service providers and employers)
  • users of our administration services
  • pre-funding clients and their patients
  • website visitors

The Protection of Personal Information Act aims to protect your personal information and prescribes what we must and must not do with it. Other legislation also applies to personal information. For instance, the Compensation for Occupational Injuries and Diseases Act prescribes what information must be submitted to make an injury on duty claim from the Compensation Fund. This means that we have to process your personal information in a certain way from time to time or keep it for a certain period.

We may have to change this privacy notice from time to time to accommodate changes in our services or when legal requirements change.

2. What information we collect

2.1 When you use eCOIDA

We collect this information from employers:

  • Name
  • Registration number
  • VAT number
  • Contact details
  • Compensation fund number
  • User name, ID number, position, contact details and sample signatures
  • Employee information loaded to eCOIDA

We collect this information to give you access to eCOIDA and to provide our administration services.

We collect this information from medical service providers:

  • Name
  • Registration number or ID number
  • BHF practice number
  • VAT number
  • Contact details
  • Bank account details
  • Compensation Fund or business partner number
  • User name, ID number, position, contact details and sample signatures
  • Patient information loaded to eCOIDA

We collect this information to give you access to eCOIDA, provide our administration services, and pay you.

2.2 When you use our administration services

We collect this information from medical service providers:

  • Name
  • Registration number or ID number
  • BHF practice number
  • VAT number
  • Contact details
  • Bank account details
  • Compensation Fund or business partner number
  • Injury on duty information

We collect this information to provide our administration services and to pay you.

2.3 When we provide pre-funding services

We collect this information from medical service providers:

  • Name
  • Registration number or ID number
  • BHF practice number
  • VAT number
  • Contact details
  • Bank account details
  • Compensation Fund or business partner number

We collect this information to purchase accounts and the right to claim from the Compensation Fund from medical service providers.

When a medical service provider sells an account to us, we collect all the information related to the account, including the patient details and information about the injury on duty. We collect this information to process the claim with the Compensation Fund.

2.4 When you contact our call centre
When you contact our call centre, we collect information that helps us categorise your query and respond to it. We record all calls to or from our call centre for quality control and records management purposes.

2.5 When we do marketing
We may collect medical service providers’ names and contact information from public-facing websites to contact them for marketing purposes. We will always tell you where we got your information from and ask your permission to contact you for marketing purposes.

3. Why we need personal information

We use personal information to:

  • provide our services
  • give users access to eCOIDA
  • pay out successful claims from the Compensation Fund
  • provide support to clients and users
  • send statements and other legal documents
  • comply with legal obligations
  • ensure the quality of our service
  • market our services

Our call centre records their calls for quality control and record-keeping purposes.

4. Who we share your personal information with

We may share your personal information with our service providers who help us deliver our services to you. We have agreements in place to ensure that they keep your information safe and only use your information with our permission.

When we purchase accounts from a medical service provider as part of our pre-funding service, we share the medical service provider’s and patient’s information with the Compensation Fund to submit and manage injury on duty claims. The Compensation Fund determines the system where information must be submitted, and the type of information required. You can read more about their privacy undertakings here.

We use Microsoft 365 to store information, including client information. Microsoft stores all our content in the European Union. We believe that Microsoft provides an adequate level of protection for the personal information we store with them. You can read more about their privacy undertakings here.

Sometimes we need to disclose your information to a third party:

  • if we believe that disclosure is reasonably necessary to comply with the law, legal process, or a government request;
  • to enforce our contracts and policies;
  • to protect ourselves, clients, and the public from illegal activity; or
  • to respond to an emergency which we believe in good faith requires that we disclose personal data.

If there is a change in our company structure or ownership, we may share your information as part of the assets transferred or the due diligence for the transaction.

5. Your rights and preferences

You have the right to:

  • ask what personal information we have about you;
  • ask what personal information we sent to our suppliers, service providers, or anyone else;
  • ask us to update, correct, or delete any out-of-date or incorrect personal information we have about you;
  • unsubscribe from any direct marketing communications we may send you,
  • object to the processing of your personal information in certain circumstances; and
  • complain about our practices with the Information Regulator.

It can take us up to 21 days to respond to your request because there are procedures that we need to follow.

In some instances, we may require proof of your identity, and sometimes we may have additional requirements before updating your information.

You can update your information on eCOIDA at any time.

6. We have implemented security measures to protect information

We have implemented reasonable security safeguards to protect the personal information that you provide. For example, we have implemented multi-factor authentication for all users of our systems.

We regularly monitor our systems for possible vulnerabilities and attacks. As no measure is perfect, we cannot guarantee that information may not be accessed, disclosed, altered or destroyed by a breach of any of our physical, technical or managerial safeguards. We have measures in place to minimise the threat to your privacy in the event of a security breach. We will let you know of any breaches that affect your personal information.

If you suspect that we (or you) have had a security breach, please notify us immediately by sending an email to popia@compsol.co.za . Please include as much information as you can.