Dr Mahdiyyah Hoosen Inc
Kindly note: we only provide Services within South Africa, to adults 18 years and older.
Privacy and Access to Information Policy
1. INTRODUCTION
1.1. This Privacy Policy outlines how Dr Mahdiyyah Hoosen Inc ("we", "us", "our") collects, processes, stores, and protects your personal information in compliance with the Protection of Personal Information Act, 4 of 2013 ("POPIA").
1.2. By using our online services at https://brainwaveshealth.com, you agree to the collection and processing of your personal information as described in this Privacy Policy.
2. PERSONAL INFORMATION WE COLLECT
2.1. We may collect and process the following types of personal information: a) Identity information (e.g., full name, ID number, date of birth); b) Contact details (e.g., email address, phone number, physical address); c) Medical information (e.g., health history, prescriptions, treatment records); d) Payment details (e.g., billing information, medical aid details); e) Technical data (e.g., IP address, browser type, device information).
3. HOW WE COLLECT YOUR PERSONAL INFORMATION
3.1. We collect personal information directly from you when you: a) Book an appointment via our online platform; b) Consult with our healthcare professionals via in-person or telemedicine services; c) Complete forms on our website or mobile applications; d) Subscribe to newsletters or request information from us; e) Make payments for our services.
4. PURPOSE OF PROCESSING PERSONAL INFORMATION
4.1. We process your personal information for the following purposes: a) Providing healthcare services and telemedicine consultations; b) Managing your medical records and treatment history; c) Facilitating online appointment scheduling and patient communication; d) Processing payments and medical aid claims; e) Complying with legal and regulatory obligations; f) Improving our online services and user experience.
5. SHARING OF PERSONAL INFORMATION
5.1. We will not sell, rent, or distribute your personal information. However, we may share it with: a) Healthcare professionals within our practice for treatment purposes; b) Third-party service providers who assist in delivering our online services (e.g., payment processors, medical aid schemes, IT support); c) Regulatory and law enforcement authorities when required by law; and d) We may share your personal information with external healthcare professionals for referral purposes, provided you have given explicit consent.
6. DATA SECURITY
6.1. We implement appropriate technical and organisational measures to protect your personal information from unauthorised access, loss, or misuse.
6.2. While we take all reasonable measures to protect your data, no online transmission can be guaranteed to be completely secure.
7. RETENTION OF PERSONAL INFORMATION
7.1. We retain personal information for as long as necessary to fulfil the purposes outlined in this policy or as required by applicable law.
7.2. Medical records will be retained for at least 6 years in compliance with the Health Professions Council of South Africa (HPCSA) guidelines.
8. YOUR RIGHTS
8.1. Under POPIA, you have the right to: a) Access your personal information; b) Request corrections to inaccurate or incomplete information; c) Object to the processing of your personal information under certain circumstances; d) Request the deletion of your personal information where legally permissible; e) Lodge a complaint with the Information Regulator if you believe your rights have been infringed.
9. COOKIES AND ONLINE TRACKING
9.1. Our website may use cookies and similar technologies to enhance user experience and collect analytical data.
9.2. You can modify your browser settings to refuse cookies; however, this may affect certain website functionalities.
10. DISCLOSURE OF DATA
10.1. Dr Mahdiyyah Hoosen Inc may disclose your Personal Data in the good faith belief that such action is necessary to:
-
comply with a legal obligation
-
protect and defend the rights or property of Dr Mahdiyyah Hoosen Inc
-
prevent or investigate possible wrongdoing in connection with the Service
-
protect the personal safety of users of the Service or the public
-
protect against legal liability
10.2. Every user is entitled to the following data protection rights:
-
The right to access: You have the right to request the Service for copies of your personal data. You may be charged a small fee for this service.
-
The right to rectification: You have the right to request that the Service correct any information you believe is inaccurate. You also have the right to request the Service to complete the information you believe is incomplete.
-
The right to erasure: You have the right to request that the Service erase your personal data, under certain conditions.
-
The right to restrict processing: You have the right to request that the Service restrict the processing of your personal data, under certain conditions.
-
The right to object to processing: You have the right to object to the Service’s processing of your personal data, under certain conditions.
-
The right to data portability: You have the right to request that the Service transfer the data that we have collected to another organization, or directly to you, under certain conditions.
If you make a request, we have 30 days to respond to you.
10.3. Security of Data: The security of your data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
10.4. Service Providers: We may employ third party companies and individuals to facilitate our Service (“Service Providers”), to provide the Service on our behalf, to perform Service-related services or to assist us in analysing how our Service is used.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
10.5. Analytics: We may use third-party Service Providers to monitor and analyse the use of our Service.
10.6. Google Analytics: Google Analytics is a web traffic analysis tool. You can read the Privacy Policy for Google Analytics here.
10.7. Links to Other Sites: Our Service may contain links to other sites that are not operated by us. If you click a third-party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.
10.8. Children’s Privacy: Our Service does not address anyone under the age of 18 (“Children”). We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.
11. CHANGES TO THIS PRIVACY POLICY
11.1. We reserve the right to update this Privacy Policy from time to time.
11.2. Any changes will be communicated via our website or other appropriate channels.
12. CONTACT INFORMATION
12.1. If you have any questions or concerns about this Privacy Policy, please contact us at: Dr Mahdiyyah Hoosen Inc.
Email: mahdiyyah.hoosen@gmail.com. Phone: 072 800 2051 Address: 29 Klipfontein road, Mowbray. Cape Town. 7700.
​
BY USING OUR WEBSITE AND/OR MAKING USE OF OUR SERVICES, YOU AGREE TO OUR BILLING POLICY AND TERMS & CONDITIONS. PLEASE READ THESE TERMS CAREFULLY BEFORE USING OUR SITE OR SERVICES.
Effective date 10 March 2025