Privacy Policy
This Privacy Policy provides information on the collection, use, sharing and processing of personal information by Reach Digital Health NPC (“Reach”) and its affiliates in connection with your use of Reach websites and any Reach websites and social media pages that link to this Privacy Policy, your interactions with Reach, whether in person or online, and your use of Reach’s products and services (“the Services”). This Privacy Policy also explains the choices you have in relation to these processing activities and is guided by the Protection of Personal Information Act No. 4 of 2014 and the Promotion of Access to Information Act No. 2 of 2000.
In terms of your contractual relationship with Reach we obtain Personal Information (“PI”) as defined by the Data Protection Legislation about any person, including a natural person, a company, a body corporate, an association, a joint venture, a partnership, a trust and any entity capable of suing and being sued, who visit and/or use Reach’s websites or social media pages, attendees at Reach events, customers and prospective customers and their representatives, suppliers and channel partners, including their representatives and any/all Reach’s employees; (hereinafter referred to as “you/your”), as our client and potentially in turn, the PI of your clients/end users. We want you to understand who you are sharing your PI with, what kind of information we are collecting and how we use it.
This Policy does not apply to non-Reach websites, products, services, applications or social networks that you may link to when interacting on Reach websites or platforms. The use of non-Reach offerings may lead to other parties processing your personal information and their privacy policies should be reviewed before you interact with them as Reach does not have control over these offerings.
PI does not include any anonymous, de-identified, or statistical information – provided that it cannot be linked back to you or any identifiable entity or person (such as a person or company, etc).
This Privacy Policy forms part of any contractual relationship that we have with you and must be read together with any signed Data Processing Addendum.
Reach may change this Privacy Policy from time to time. If there is an important change, Reach will inform you about such change in an appropriate way, such as a pop-up notice or a statement of the changes on our website or platforms. Your continued interaction with and use of Reach Services will constitute your consent to the current version of this Privacy Policy.
What We Collect
Reach collects information through your interaction with and use of Reach offerings, including:
Internet Protocol address (“IP address”) and information derived from your IP address, such as your geographic location, your company or when you access Reach websites or platforms;
your company logo for display on Reach websites or platforms as recognition of the relationship that exists between you and Reach;
information about the device that you use to access Reach websites or platforms, such as device type and version, mobile device identifier, browser type, operating system, the presence or use of applications or information about your preferred language;
information about the company that you work for, such as the name, size, location, industry or its public officers;
behavioural or demographic attributes, when tied to PI that identifies you;
behavioural data about the internet connected device you use when interacting with Reach websites, such as webpages clicked, content areas visited and time spent on webpages, content downloaded, date and time of activities, how often you access Reach websites or the web search used to locate and navigate to a Reach website;
transactional data, including products and Services that you have enquired about or are using;
your activities in relation to Reach offerings, the support issues you have logged;
your use and navigation of Reach websites and your use of the Services, products, tools and material made available by way of Reach websites;
aggregated information relating to the use of Reach offerings, such as which features or aspects of Reach offerings are used the most or the least or any errors or problems that are registered in respect of specific features or aspects of the Reach offerings.
In some instances, Reach may combine other information with PI. If Reach combines other information with PI, Reach will treat the combined information as PI.
How we use this Information
1. We use this information to:
design improved products and services that address and support real needs;
enable us to operate and provide Services to you in accordance with any contract with you;
keep you informed about the Services, features, surveys, newsletters, offers, contests and events we think you may find useful or which you have requested from us;
market Reach Services and products to you. You may opt out of these marketing Services;
better understand your needs and the needs of users in the aggregate, diagnose problems, analyze trends, improve the features and usability of the Services, and better understand and market to our customers and users;
keep our Services safe and secure;
communicate with you about your account including to contact you to provide support and respond to your comments and questions;
verify security and authentication;
make sure that you actually exist (that you are not a fraudster) and to ensure the accuracy of the information you provided to us;
comply with any legislation or regulation which requires us to collect the information;
check your references.
2. When you use our Services, ‘client data’ is generated and collected. This includes your, and your account users’ PI (name, contact details, etc.), call or messaging logs, traffic routing information and the content of communications sent through or integrated with our Services (e.g. the content of your SMSs, emails or chats).
3. There are many reasons why we have to collect ‘client data’:
You are able to view some of the information through your contractual relationship with us.
We may need some of the information (for instance the content of your messages) to provide our Services.
We use the data to manage and route traffic, to analyze and improve our Services and to identify and solve problems.
We use data to improve health systems for all/vulnerable communities.
Sometimes we are required by law to have this information to assess and report on whether you are complying with all regulatory requirements.
Who are you sharing your information with?
Reach uses and shares the PI it collects (unless otherwise restricted by applicable law):
globally between and amongst Reach and its affiliated entities Praekelt PBC, Benefit Corporation (“Turn.io”) and Praekelt.org Foundation 501(c)(3). Reach employees are authorised to access PI only to the extent necessary to serve the applicable purpose and to perform their job functions;
with third parties who provide Services to Reach subject to such parties signing a necessary DPA and non-disclosure agreement to protect your PI; and
with your consent.
Reach uses and shares the PI in good faith and as it believes to be necessary or appropriate:
under applicable law, including laws outside your country of residence or business;
to comply with legal process;
to respond to requests from public and government authorities, including public and government authorities outside your country of residence or business, for national security and/or law enforcement purposes;
to improve service delivery to our end-users (within a public benefit framework);
to enforce Reach’s terms and conditions;
to allow Reach to pursue available remedies or limit the damages that Reach may sustain; and/or
with the relevant third party in the event of a reorganisation, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of Reach’s business, assets or shares (including in connection with any bankruptcy or similar proceedings).
When Reach shares PI with third parties, Reach requires that your PI is processed only to the extent that such processing is necessary and subject to terms consistent with this Privacy Policy.
Reach does not sell or rent your PI to third parties for any purpose.
Reach may use, transfer and disclose other information, which is not PI, that Reach collects for any purpose, such as statistical information about visitors to Reach websites, except where applicable law requires otherwise.
Another Person’s Information
If you share any PI with Reach that relates to another person (“Data Subject”) you warrant and undertake to and in favour of Reach that:
you are in lawful possession and control of the PI and that you have the consent of the Data Subject to allow Reach to process and in any other manner use such PI for the purpose for which it was collected or made available and as contemplated in this Privacy Policy;
the Data Subject has consented to the Data Subject’s PI being processed in a country that is different to the Data Subject’s country of residence or business;
you will promptly inform Reach in writing in the event that a Data Subject requests that its PI be updated or in the event that a Data Subject withdraws the consent;
you will be responsible for ensuring the correctness or accuracy of the Data Subject’s PI that is processed by Reach.
For What Period Does Reach Retain Personal Information
The time periods for which Reach keeps your PI may vary according to the use or purpose attached to the PI. Reach will keep your PI (i) only for as long as it is required to fulfill the purpose for which the PI was collected or for which it is to be processed or (ii) until you withdraw your consent. However, where Reach is required by applicable law to retain your PI longer or where your PI is required for Reach to assert or defend against legal claims, Reach will retain your PI until the end of the relevant retention period or until the claims in question have been settled.
At the end of the retention period, Reach will delete or anonymise your PI in a manner designed to ensure that it cannot be reconstructed or read.
How do we store and secure your Personal Information?
We use reasonable technical and organisational safeguards designed to protect your PI from unauthorised or unlawful processing, accidental loss, misuse, unauthorised access, disclosure, alteration and destruction. We store and secure your information in accordance with our Data Storage and Security Measures Policy and DPA.
However, despite our best efforts, no security controls are 100% effective and we cannot guarantee the security of your PI. In the event that your PI is acquired, or is reasonably believed to have been acquired, by an unauthorised person and applicable law requires notification, we will give you notice promptly. We will determine the scope of the breach, investigate and restore the integrity of the data system.
The client data that we collect from you is stored on Cloud Servers of Amazon Web Services (“AWS ZA”).
How Reach transfers PI it collects internationally
Reach collects and shares information globally.
For purposes of providing the Reach offerings to you, Reach may transfer, process and store your PI outside your country of residence or business to wherever Reach or its third party service providers operate. In some of these countries, such as the United States, the privacy protections and rights of authorities to access PI may not be equivalent to those applicable to your country of residence or business. However, in such circumstances Reach requires that any processing of your PI in such a country will be subject to the provisions of this Privacy Policy.
Why do we use cookies
We make use of cookies on our website to identify your web browser, to analyze how our website and online Services perform and are used, and to make improvements to ensure our website remains useful, effective and efficient.
Cookies will be used to save your email address and name so the next time you visit your account from the same device we will have a record and will remember your email address and name to make your experience faster and simpler.
You can manage your communication preferences on your account.
What are your Data Protection Rights?
We want to ensure you are fully aware of all of your data protection rights. Every user is entitled to the following:
The right to access – You have the right to request copies of your personal data. We may charge you a small fee for this service.
Right to be informed – As a data subject, you have a right to obtain access and information under the conditions provided in the Data Protection Legislation.
The right to rectification – You have the right to request that we correct any information you believe is inaccurate.
The right to erasure – You have the right to request that we erase your personal data, under certain conditions.
The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.
The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
Right to withdraw consent – Where the processing of your data relies on your prior consent, you have the right to withdraw such consent at any time by notifying us. By withdrawing your consent, the lawfulness of the processing based on consent up until the point of withdrawal will not be affected.
The right to lodge a complaint – If you think we have processed your PI unfairly or unlawfully, or we have not complied with your rights, you have the right to complain to a national data protection authority. Contact details for data protection authorities are available here.
To submit any request to us, please contact us at the address in the next paragraph for more information.
For natural and juristic persons who reside in the Republic of South Africa, you can request that Reach restricts its processing of your PI (i) if you contest the accuracy of the PI and then for a period enabling Reach to verify the accuracy of your PI; (ii) if there is no legal basis for Reach to process your PI and you oppose Reach’s erasure of such PI; (iii) if Reach no longer needs your PI for the purposes of processing same but you claim that you require Reach to retain such information in order to claim or exercise legal rights or to defend against third party claims; or (iv) if you object to the processing of your PI, for as long as it is required to review as to whether Reach has a prevailing interest or legal obligation in processing your PI. If you request a copy of your PI, to the extent that Reach can comply with such a request, it will provide you with that information in a machine-readable form.
General Clauses
This Privacy Policy records the entire understanding and agreement between Reach and you with respect to the subject matter hereof. No party shall be bound by any express or implied term, representation, warranty, promise or the like not recorded in this Privacy Policy.
In the event that any provision of this Privacy Policy is or may become illegal, invalid, unlawful or unenforceable in any jurisdiction affected by this Privacy Policy, such provision as to such jurisdiction, shall be ineffective to the extent of such prohibition or unenforceability and shall be treated as not written in this Privacy Policy and severed from the balance of this Privacy Policy, without invalidating the remaining provisions of this Privacy Policy or affecting the validity or enforceability of such provision in any other jurisdiction.
Reach’s failure to enforce any provision of this Privacy Policy will not constitute a waiver of such provision or affect in any way Reach’s right to require the performance of such provision at any time in the future.
You shall not be entitled to cede or assign your rights or delegate your obligations in terms of this Privacy Policy to any third party without Reach’s prior written consent.
The termination of your relationship with Reach, for any reason, or the cessation of your use of Reach offerings shall not affect the provisions of this Privacy Policy which expressly provide that they will operate after any such termination or cessation or which of necessity must continue to have effect after such termination or cessation notwithstanding that the provisions themselves do not expressly provide for this.
No provision in this Privacy Policy shall be construed against or interpreted to the disadvantage of Reach by reason of Reach having or being deemed to have structured, drafted or introduced such provision.
Reach’s Contact Details
If you believe that your PI has been used in a way that is not consistent with this Privacy Policy or your choices, or if you wish to submit a request to Reach regarding your PI or if you have any questions or comments related to this Privacy Policy, please address same in writing to the Information Officer at:
Email address: popia@reachdigitalhealth.org
Physical address: 50 Smits Road, Dunkeld 2196 Johannesburg