top of page
Winelands Wellness Logo

Privacy Policy - Winelands Wellness Practice

Last Updated: 1 April 2026

1. Introduction and Responsible Party

Winelands Wellness (“the Practice”, “we”, “us”) is a psychiatric and multidisciplinary healthcare practice and is the Responsible Party for purposes of the Protection of Personal Information Act 4 of 2013 (POPIA).

Practice Details:
Winelands Wellness
Jan van Riebeeck Road

2nd Floor Polo Pavillion 

Val de Vie

Paarl

7646

2. Legislative Framework

This Privacy Policy is aligned with:
 

  • Protection of Personal Information Act 4 of 2013 (POPIA)

  • Promotion of Access to Information Act 2 of 2000 (PAIA)

  • National Health Act 61 of 2003

  • Mental Health Care Act 17 of 2002

  • Electronic Communications and Transactions Act 25 of 2002

  • Ethical Rules of the Health Professions Council of South Africa (HPCSA)
     

3. Nature of Personal Information Collected
 

We may collect and process the following categories of personal and special personal information:
 

  • Identifying information (name, ID/passport number, date of birth)

  • Contact details (email address, phone number, physical address)

  • Medical and mental health records (history, diagnoses, treatment plans, notes)

  • Medication and clinical information

  • Billing and payment information

  • Referral information (e.g., from other healthcare providers)

  • Emergency contact details

  • Correspondence (emails, messages, reports)

  • Telehealth and electronic consultation data

  • Website enquiry information (forms, emails submitted via the website)
     

As a healthcare provider, we process Special Personal Information, including health data, which receives enhanced protection under POPIA.
 

4. Purpose of Processing
 

Personal information is processed for the following purposes:
 

  • Provision of healthcare and psychiatric services

  • Diagnosis, treatment, and clinical record-keeping

  • Appointment scheduling and communication

  • Billing, invoicing, and payment processing

  • Compliance with legal and regulatory obligations

  • Risk management and patient safety

  • Internal administrative and operational purposes

  • Website enquiries and service-related communication
     

5. Lawful Basis for Processing
 

Processing is justified on one or more of the following lawful grounds:
 

  • Informed consent

  • Performance of a healthcare agreement

  • Compliance with legal obligations

  • Legitimate interest in providing healthcare services

  • Public interest in healthcare delivery

  • Protection of a vital interest (e.g., risk of harm)
     

6. Voluntary or Mandatory Supply of Information
 

The provision of certain personal information is mandatory for the delivery of healthcare services.

Failure to provide required information may result in:

  • Inability to render clinical services

  • Incomplete or unsafe treatment

  • Inability to process billing or claims
     

7. Disclosure of Personal Information
 

Personal information may be disclosed to:
 

  • Other healthcare professionals involved in your care

  • Medical schemes and billing administrators

  • Laboratories, pharmacies, or allied service providers

  • IT service providers and secure data hosting providers

  • Legal, regulatory, or governmental authorities where required

  • Emergency contacts where necessary to protect a vital interest
     

Disclosure occurs only where:
 

  • You have provided consent; or

  • It is legally required; or

  • It is necessary to prevent serious harm; or

  • It is required for legitimate healthcare purposes
     

8. Cross-Border Transfers
 

Your personal information may be stored or processed on systems located outside South Africa (for example, cloud-based services).Where this occurs, we take reasonable steps to ensure that:

 

  • The recipient is subject to laws or agreements providing adequate protection; or

  • Appropriate safeguards and confidentiality measures are in place
     

9. Security Safeguards
 

We implement reasonable technical and organisational safeguards, including:

  • Secure electronic systems

  • Access control and role-based permissions

  • Password protection and encryption where appropriate

  • Confidentiality agreements with staff and service providers
     

While reasonable measures are taken, absolute security cannot be guaranteed.
 

10. Data Breach Notification
 

In the event of a data breach, we will:
 

  • Take reasonable steps to contain and assess the breach

  • Notify affected data subjects where required

  • Report to the Information Regulator in accordance with POPIA
     

11. Record Retention
 

Clinical records are retained in accordance with:
 

  • HPCSA guidelines 

  • Applicable statutory limitation periods
     

Records are securely stored, archived, and destroyed when legally permissible.
 

12. Telehealth and Electronic Communication
 

Electronic communication and telehealth services carry inherent risks, including:
 

  • Interception

  • Data loss or corruption

  • Technical failure
     

By engaging in telehealth or electronic communication, you acknowledge these risks. Secure platforms are used where reasonably possible, but uninterrupted or error-free transmission cannot be guaranteed.
 

13. Data Subject Rights
 

You have the right to:
 

  • Request access to your personal information

  • Request correction or updating of inaccurate information

  • Object to processing where legally permitted

  • Request restriction or deletion where applicable

  • Withdraw consent (subject to legal and clinical limitations)
     

Requests may be directed to the Information Officer.
 

14. Complaints
 

If you believe your personal information has been processed unlawfully, you may lodge a complaint with:
 

The Information Regulator (South Africa)
Website: https://www.justice.gov.za/inforeg/
Email: complaints.IR@justice.gov.za
 

15. Information Officer
 

An Information Officer is appointed in terms of POPIA.
 

Information Officer Contact:

To be updated
 

The Information Officer is responsible for:

  • POPIA compliance

  • Handling data subject requests

  • Liaison with the Information Regulator
     

16. PAIA Manual
 

A PAIA Manual prepared in terms of Section 51 of PAIA is available upon request and outlines:

  • Categories of records held

  • Access request procedures

  • Applicable fees

  • Grounds for refusal where legally justified
     

17. Cookies and Website Use
 

The website may use cookies or similar technologies to:

  • Improve functionality

  • Analyse usage

  • Facilitate communication via forms

Users may disable cookies in their browser settings, although this may affect website functionality.
 

18. Amendments

This Privacy Policy may be updated from time to time. The most recent version will be published on the website.

bottom of page