Last Updated: 20 November 2025

This Privacy Policy outlines the manner in which Zenty Online (Pty) Ltd ("Zenty Online", "we", "us", "our") collects, uses, maintains, and discloses Personal Information from users ("User", "you", "your") of the Zenty Online platform, including our website and mobile applications ("Platform"). This policy is drafted in accordance with the laws of the Republic of South Africa, primarily the Protection of Personal Information Act 4 of 2013 (POPIA).

1. Definitions

   1. "Data Subject" refers to the person to whom Personal Information relates, including both Patients and Service Providers using the Platform.
   2. "HPCSA" means the Health Professions Council of South Africa.
   3. "NHA" means the National Health Act 61 of 2003.
   4. "Patient" means a User who requests healthcare services through the Platform.
   5. "Personal Information" has the meaning ascribed to it in POPIA and includes, but is not limited to, information relating to an identifiable, living, natural person, and where applicable, an identifiable, existing juristic person. This includes contact details, demographic information, financial information, and correspondence.
   6. "POPIA" means the Protection of Personal Information Act 4 of 2013.
   7. "Processing" means any operation or activity concerning Personal Information, including its collection, use, storage, dissemination, and destruction.
   8. "Responsible Party" means Zenty Online, as we determine the purpose of and means for Processing Personal Information.
   9. "Service Provider" means a registered healthcare professional (e.g., doctor, nurse, therapist) who offers services on the Platform.
   10. "Special Personal Information" includes, as defined in POPIA, information concerning a Data Subject's health, biometric information, or criminal behaviour. For the purposes of this Policy, it primarily refers to health-related information.

2. Scope and Consent

   1. This Policy applies to all Users of the Zenty Online Platform within the Republic of South Africa.
   2. By registering an account and using our Platform, you signify your acceptance of this Policy. You expressly consent to the Processing of your Personal Information, including Special Personal Information, for the purposes outlined herein. If you do not agree to this Policy, you must not use our Platform.
   3. Where the User is a minor (under the age of 18), consent must be provided by a competent person, such as a parent or legal guardian, in accordance with the Children's Act 38 of 2005.

3. Information We Collect

   1. We collect Personal Information that is necessary to provide our services and operate our Platform effectively. The information collected includes:
      1. Information from Patients:
         • Identity and Contact Data: Full name, date of birth, identity number, physical address (for house calls), email address, and telephone number.
         • Special Personal Information (Health Data): Medical history, reported symptoms, pre-existing conditions, prescriptions, diagnostic results, and other health-related information you provide when booking a service or using the health vault feature. This information is collected only with your express consent as required by Section 27 of POPIA.
         • Financial Data: Credit or debit card information, processed through a secure third-party payment gateway.
      2. Information from Service Providers:
         • Identity and Professional Data: Full name, identity number, contact details, HPCSA registration number, practice number, qualifications, and areas of specialisation.
         • Financial Data: Bank account details for the purpose of remitting service fees.
         • Location Data: Real-time or background location data to facilitate the dispatch for house calls and to connect you with nearby Patients.
      3. Technical Data: IP address, browser type, device information, and usage data collected automatically when you interact with our Platform, often through cookies.

4. Purpose and Use of Information

   1. We Process your Personal Information for specific, explicit, and legitimate purposes, in compliance with Condition 2 of POPIA. These purposes include:
      1. To facilitate the provision of healthcare services, including connecting Patients with Service Providers for house calls.
      2. To enable Service Providers to assess, diagnose, and treat Patients.
      3. To process payments for services rendered, as detailed in Clause 5.
      4. To verify the credentials and good standing of Service Providers with the HPCSA.
      5. To operate, maintain, and improve the Platform, including customer support and troubleshooting.
      6. To communicate with you regarding bookings, updates, and support requests.
      7. To comply with legal and regulatory obligations, including those under the NHA and as stipulated by the HPCSA.
   2. We will not Process Special Personal Information (health data) for any purpose other than providing the healthcare service you have requested, except where required by law or with your further express consent.

5. Financial Transactions and Commission Model

   1. Zenty Online facilitates payments from Patients to Service Providers. To this end, we Process financial information as an integral part of our service, in line with the Consumer Protection Act 68 of 2008 (CPA) and the Electronic Communications and Transactions Act 25 of 2002 (ECTA).
   2. When a Patient books and pays for a service, the payment is processed via a secure, PCI-DSS compliant third-party payment gateway. We do not store your full credit or debit card details on our servers.
   3. The total amount paid by the Patient comprises the Service Provider's fee for the medical service.
   4. Zenty Online's revenue is generated by retaining a five percent (5%) commission from the Service Provider's fee. This commission is our charge for facilitating the connection, managing the booking, and processing the payment through the Platform.
   5. The remaining ninety-five percent (95%) of the fee is remitted to the Service Provider's designated bank account. The collection and use of the Service Provider's banking details are solely for this remittance purpose.

6. Disclosure of Personal Information

   1. Your Personal Information is treated as confidential. We will not disclose it to third parties except as provided for in this Policy and as permitted by law.
   2. Disclosures may be made to:
      1. The specific Service Provider you have booked, or the Patient you are scheduled to treat. This sharing is fundamental to the service. All Service Providers are bound by a legal and ethical duty of confidentiality as per the NHA and HPCSA guidelines.
      2. Third-party service operators (e.g., payment gateways, cloud hosting providers) who assist us in operating our Platform. These operators are contractually bound to protect your information and may not use it for their own purposes.
      3. Partner laboratories or diagnostic facilities, but only with your explicit consent for a specific referral.
      4. A court of law or statutory body where we are legally compelled to do so (e.g., by a court order or as required by the NHA for notifiable medical conditions).
      5. Emergency services in the event of a medical emergency where you are unable to provide consent.
   3. We will never sell, trade, or rent your Personal Information to third parties for marketing purposes.

7. Data Security and Retention

   1. We implement appropriate technical and organisational security measures to protect your Personal Information against accidental loss, unauthorised access, alteration, or disclosure. These measures include data encryption, access controls, and secure server environments.
   2. We retain Personal Information only for as long as is necessary to fulfil the purposes for which it was collected, or to comply with legal, accounting, or reporting requirements. Medical records will be retained in line with the retention periods stipulated by the HPCSA's ethical guidelines.

8. Your Rights as a Data Subject

   1. In accordance with POPIA, you have the right to:
      1. Access Your Information: Request a copy of the Personal Information we hold about you.
      2. Request Correction: Request the correction of any inaccurate or incomplete Personal Information.
      3. Request Deletion: Request the deletion of your Personal Information where there is no compelling reason for its continued Processing.
      4. Object to Processing: Object to the Processing of your Personal Information where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object.
      5. Withdraw Consent: Withdraw your consent to Processing at any time. Please note that withdrawing consent may impact our ability to provide services to you.
      6. Lodge a Complaint: Lodge a complaint with the Information Regulator of South Africa if you believe we have not complied with the provisions of POPIA.
   2. To exercise any of these rights, please contact our Information Officer using the details provided in Clause 10.

9. Changes to This Privacy Policy

   1. Zenty Online reserves the right to update this Privacy Policy at any time. When we do, we will revise the "Last Updated" date at the top of this page. We encourage Users to frequently check this page for any changes to stay informed about how we are helping to protect the Personal Information we collect.

10. Information Officer and Contact Details

    1. We have appointed an Information Officer who is responsible for overseeing compliance with this policy and POPIA. Should you have any questions about this Privacy Policy or our privacy practices, please contact our Information Officer at:
       • Information Officer: [Name of Information Officer]
       • Email: [privacy@zentyonline.co.za]
       • Address: [Company Physical Address, South Africa]