EPIONE PLATFORM - PATIENT PRIVACY POLICY

THIS EPIONE PLATFORM PRIVACY POLICY APPLIES TO HOW WE COLLECT, USE AND PROCESS YOUR INFORMATION WHEN YOU USE THE EPIONE PLATFORM. PLEASE READ THIS PRIVACY POLICY CAREFULLY. YOU CAN PRINT A COPY OF THIS PRIVACY POLICY FROM OUR WEBSITE AT www.epione.net

1.1                   Important Clauses

If you are a consumer, as defined in the Consumer Protection Act 68 of 2008 ("Consumer Protection Act") we have a duty to point out certain important terms to you. The paragraphs which contain these important terms and reasons why they are important are set out below.

1.1.1                           Limitation of risk, legal responsibilities and liability. Clauses 9, 12 and 16 are important because they limit and exclude obligations, liabilities and legal responsibilities that we may otherwise have to you. As a result of these clauses, your rights and remedies against us and these other persons and entities are limited and excluded. These clauses also limit and exclude your right to recover or make claims for losses, damages, liability or harm you or others may suffer. These paragraphs states that you know and accept that the Internet is not absolutely secure and there is a risk that your Personal Information will not be secure when transmitting over the Internet.

1.1.2                           Assumption of risk, legal responsibilities and liability by you. Clauses 12 and 16 are important because you take on risk, legal responsibilities and liability. As a result of these clauses, you may also be responsible for claims and other amounts. You will also be responsible for, and you accept, various risks, damages, harm, and injury which may be suffered by you and others for what is stated in these clauses. These clauses waive your rights, and as a result, we may not have to perform our duties and you may not become aware of information that you may need to protect yourself.

1.1.3                            Acknowledgements of fact by you. Clauses 1.3, 6 and, 7.2 are important because they each contain statements which are acknowledgements of fact by you. You will not be able to deny that the statements are true. We may take action against you and may have claims against you as a result of these statements. You will not be able to take any action against us if you suffer harm as a result of these statements.

2.         Introduction and scope

2.1                   EpioneNet Limited ("Epione" or "we" or "us" or "our") makes available the epione.net platform (the "Platform") through which patients, such as you, as well as primary care clinicians (general practitioners, dentists and optometrists) ("Practitioners"), medical specialists ("Specialists"), healthcare facilities ("Facilities"), whom are registered to use the Platform, can schedule appointments, share patient case files and information, and obtain a holistic view of a patient's treatment, which information will all be made available on the Platform (collectively, the "Content"). Please note that any information that you upload to the Platform will remain your property ("Your Content").

2.2                   Epione strives to ensure that our use of Personal Information of users of the Platform is lawful, reasonable, and relevant to our business activities, with the ultimate goal of improving our offerings, the Platform and your experience.

2.3                   This Epione Platform Privacy Policy (this "Privacy Policy") sets out what we will do with any Personal Information (defined in paragraph 4.1 below) we collect from or about you, or that you provide to us, when you use the Platform. Please read this Privacy Policy carefully to understand our views and practices regarding your Personal Information and how we will treat it.

3.         What is Personal Information?

3.1                   "Personal Information" refers to private information about an identifiable person, which includes your name and surname, contact details (e.g. your e-mail address) and employment details.

3.2                   Other information which might be "Personal Information" may include:

3.2.1                            "Access Device and Access Device event information": We may collect information such as your IP address, unique device identifier, the nature of the devices ("Access Device") which you use to install, download, access or use the Content and/or the Platform (e.g. a computer, tablet or smart phone, and which type thereof), the geographic location from which you installed, downloaded, accessed or used the Content and/or the Platform (i.e. the geographic location of your Access Device), hardware model and settings, operating system type and version, browser language, system activity, crashes;

3.2.2                            "identifying information". We may collect information pertaining to your identity, including your national identity number and/or passport number, your e-mail address, physical address, telephone number, location information, online identifiers, medical aid membership details and any other particular assignment given to you by the Practitioner, Specialist and/or Facility;

3.2.3                            "correspondence". We may process information pertaining to correspondence sent by you, or to you, that is implicitly or explicitly of a confidential nature, which may include correspondence between you and your Practitioner, Specialist and/or Facility;

3.2.4                            "log information": When you install, download, access or use the Content and/or the Platform, we may automatically collect and store certain information in server logs (i.e. our web servers automatically record and maintain a log of your activities), which may include your "activity information", such as details of how, when and for how long you accessed the Platform, your payment history, what features you utilised, the Practitioners, Specialists and/or Facilities that you searched for or that reviewed Your Content; what Content you accessed, the amount of Content viewed, the frequency that you viewed Content, the order or sequence in which you viewed Content, and the amount of time spent on the specific Content. We may also combine the log information with other information to flag abnormal activities.

3.2.5                            "location information": We may use various technologies to determine your actual location, such as geographical data from your Access Device (which is usually based on the IP location);

3.2.6                            "medical information". We may collect information concerning your appointments with Practitioners, your referrals to Specialists; your patient case files and information (including medical test results and medication prescribed to you by the Practitioners and Specialists), including consultation notes of Practitioners and Specialists and your treatment at Facilities ; and

3.2.7                            "unique application numbers": Certain services include a unique application number. This number and information about your installation (for example, the operating system type and application version number) may be sent to us and our service providers when you install or uninstall such a service or when that service periodically contacts our servers, such as for automatic updates.

4.         You consent to the Processing of your Personal Information on the terms and conditions set out in this Privacy Policy

4.1                   When a person ("user", "you", or "your") installs, downloads, accesses and/or uses the Platform or any of Content that we make available on the Platform, you are also agreeing to this Privacy Policy. If you do not agree to this Privacy Policy, you must not, and you are not allowed, to install, download, access or use the Platform or the Content.

4.2                   By agreeing to this Privacy Policy, you provide us with your express consent and agreement that we may collect, get, receive, record, organise, collate, store, update, change, retrieve, read, process, analyse, use and share your Personal Information in the ways set out in this Privacy Policy. When we do one or more of these actions with your Personal Information, we are "Processing" your Personal Information.

4.3                   By using the Platform, you expressly consent to Practitioners and Specialists (with whom you consult) and who are also registered to use this Platform, uploading Content, including medical information, to the Platform and share the Content and Your Content as contemplated in the Terms of Use and this Privacy Policy.

5.         When will we Process your Personal Information?

5.1                   In addition to paragraph 5 below, Personal Information may be Processed by us in several ways, including, when:

5.1.1                            you access, use, install and/or download the Platform or the Content on your Access Device;

5.1.2                            you register to use the Platform;

5.1.3                            a Practitioner, Specialist and/or Facility accesses your Personal Information;

5.1.4                            you access, browse or make use of the Platform or the Content;

5.1.5                            you submit your Personal Information to us for any other reason; and

5.1.6                            you contact us, by email or telephonically, with any queries or by posting a question through the Platform.

6.         How we collect your Personal Information

6.1                   We collect your Personal Information in three ways, namely:

6.1.1                            actively from you;

6.1.2                            passively from your Access Device when you access and/or use the Platform; and

6.1.3                            from third parties, including your Practitioner, Specialist and/or Facility.

6.2                   Active collection from you

6.2.1                            We may require you to submit certain information in order for you to register to use the Platform or when you communicate directly with us, for example via e-mail, feedback forms, site comments and forums.

6.2.2                            If you contact us, we may keep a record of that correspondence.

6.2.3                            The information we may actively collect from you may include your:

6.2.3.1                                     identifying information (e.g. your name, surname, employment information);

6.2.3.2                                     contact details (e.g. e-mail address);

6.2.3.3                                     correspondence;

6.2.3.4                                     information pertaining to your health status and medical history; and

6.2.3.5                                     any other information that we may request from you from time to time.

6.3                   Passive collection from your Access Device

6.3.1                            We passively collect some of your Personal Information from the Access Device which you use to access and navigate through the Platform and/or the Content, using various technological means, for instance, using server logs to collect and maintain log information.

6.3.2                            The information which we may passively collect from your Access Device may include your identifying information, contact details, Access Device and Access Device event information, activity information, log information, location information, unique application numbers, and any other information which you permit us, from time to time, to passively collect from your Access Device.

6.4                   Collection from third parties

6.4.1                            We may collect some of your Personal Information from third parties registered to and using the Platform, including your Practitioner, Specialist and/or Facility,

6.4.2                            The information that we may collect from a third party includes:

6.4.2.1                                     your identifying information;

6.4.2.2                                     correspondence;

6.4.2.3                                     your medical information; and

6.4.2.4                                     any other information that we may request about you from the third party from time to time that is relevant to the Platform and our agreement with you.

6.4.3                            By accepting the Terms of Use, and the provisions of this Policy, you hereby consent to us collecting your Personal Information from a third party.

7.         How we use your Personal Information

7.1                   We use the information we collect to provide, maintain, and improve the Platform and the Content, to develop new services, and to protect us, our services and our users. We also wish to improve our users' experience, and so we also use the information we collect for this purpose.

7.2                   We may also use your Personal Information:

7.2.1                            to retain and make information and the Content available to you on the Platform;

7.2.2                            to create your user account and allow use of the Platform;

7.2.3                            to identify participating Practitioners, Specialists and Facilities that may offer services to you;

7.2.4                            to enable participating Practitioners, Specialists and/or Facilities to view and share information about you, including medical information and your medical history;

7.2.5                            maintain and update our customer, or potential customer, databases, as well as our databases of Practitioners, Specialists and/or Facilities;

7.2.6                            to establish and verify your identity on the Platform;

7.2.7                            diagnose and deal with technical issues and customer support queries and other user queries;

7.2.8                            operate, administer, maintain, secure and develop the Platform and the performance and functionality of the Platform;

7.2.9                            detect, prevent or deal with actual or alleged fraud, security or the abuse, misuse or unauthorised use of the Platform and/or the Content, as well as any contravention of this Privacy Policy or the Terms of Use that applies to the Platform;

7.2.10                          communicate with you and keep a record of our communications with you and your communications with us;

7.2.11                          inform you about any changes to the Platform, the Platform Terms of Use, this Privacy Policy or other changes which are relevant to you;

7.2.12                          to create user profiles and to analyse and compare how you and other users make use of the Platform and the Content and which Content you and other users make use of, including (without limitation) habits, click-patterns, preferences, frequency and times of use, trends and demographics;

7.2.13                          to analyse and compare the kinds of Access Devices that you and other users make use of and where you are using them; and

7.2.14                          for other purposes relevant to our business activities, provided they are lawful.

8.         Compulsory information and consequences of not sharing with us

Only your identifying information constitutes compulsory information. Device and Device event information, log information and unique application numbers, as detailed in clause 3.2 above, are automatically collected. If you do not provide us with the compulsory information, you will not be able to create an account on the Platform. All other information is optional. However, if you do not agree to share the remaining information with us, then you will not be able to make full use of the features that are offered to users of the Platform.

9.         Sharing of your Personal Information

9.1                   We will not intentionally disclose, for commercial gain or otherwise, your Personal Information other than as set out in this Privacy Policy or with your permission.

9.2                   You agree that your Personal Information may be shared under the following circumstances:

9.2.1                            to our agents, advisers, service providers and suppliers which have agreed to be bound by this Privacy Policy (or terms that are similar to those set out in this Privacy Policy);

9.2.2                            to Practitioners, Specialists and/or Facilities;

9.2.3                            to our employees, suppliers, service providers and agents if and to the extent that they need to know that information in order to process it for us and/or to provide services for or to us, such as hosting, development and administration, technical support and other support services relating to the Platform or the Content. We will authorise any information processing done by a third party on our behalf, amongst other things by entering into written agreements with those third parties governing our relationship with them and containing confidentiality and non-disclosure provisions;

9.2.4                            in order to enforce or apply the Platform Terms of Use, this Privacy Policy or any other contract between you and us;

9.2.5                            in order to protect our rights, property or safety or that of our customers, employees, contractors, suppliers, service providers, agents and any other third party;

9.2.6                            in order to mitigate any actual or reasonably perceived risk to us, our customers, employees, contractors, agents or any other third party;

9.2.7                            to governmental agencies, exchanges and other regulatory or self-regulatory bodies if we are required to do so by law or if we reasonably believe that such action is necessary to:

9.2.7.1                                     comply with the law or with any legal process;

9.2.7.2                                     protect and defend the rights, property or safety of Epione, or our customers, employees, contractors, suppliers, service providers, agents or any third party (including Practitioners, Specialists and Facilities, as the case may be);

9.2.7.3                                     detect, prevent or deal with actual or alleged fraud, security or technical issues or the abuse, misuse or unauthorised use of the Platform and/or contravention of this Privacy Policy; and/or

9.2.7.4                                     protect the rights, property or safety of members of the public (if you provide false or deceptive information about yourself or misrepresent yourself as being someone else, we may proactively disclose such information to the appropriate regulatory bodies and/or commercial entities).

10.       Storage and transfer of your Personal Information

10.1                 We store your Personal Information on our servers or those of our service providers.

10.2                 We reserve the right to transfer to and/or store your Personal Information on servers in a jurisdiction other than where it was collected or outside of South Africa, and such jurisdiction may not have comparable data protection legislation.

10.3                 If the location that Personal Information is transferred to or stored does not have substantially similar laws which provide for the protection of Personal Information, we will take reasonably practicable steps to ensure that your Personal Information is adequately protected in that jurisdiction.

11.       Security

11.1                 We take reasonable technical and organisational measures to secure the integrity of retained information, using accepted technological standards to prevent unauthorised access to or disclosure of your Personal Information, and protect your Personal Information from misuse, loss, alteration or destruction.

11.2                 From time to time, we review our information collection, storage and processing practices, including physical security measures, to keep up to date with good practice.

11.3                 Even by taking the above measures when Processing Personal Information, we do not guarantee that your Personal Information is 100% secure.

12.       Retention of your Personal Information

12.1                 We may keep and Process some or all of your Personal Information if and for as long as:

12.1.1                          we are required or permitted by law or a contract with you to keep it;

12.1.2                          we reasonably need it for lawful purposes related to our functions and activities;

12.1.3                          we reasonably need it for evidentiary purposes; or

12.1.4                          you agree to us keeping it for a specified further period.

13.       Keeping your Personal Information updated and correct

13.1                 Where required by law, we take reasonable steps to ensure that your Personal Information is accurate, complete, not misleading, and up to date.

13.2                 You must let us know if any information we have about you is incorrect, incomplete, misleading or out of date, by notifying us at the contact details set out in clause 20 below.

14.       You give up your rights

14.1                 You agree that where the law requires us to make you aware of something (to inform or notify you) or to do something else, we do not have to do this. This only applies as far as the law allows this.

14.2                 For example, sometimes the law says that we have a duty to make you aware of some information or other matters, unless you agree that we do not need to do these things (this is called a waiver of rights). Because you agree to this, we will not have this duty anymore and will not need to make you aware of the information or other matters.

15.       Changes to this Privacy Policy

15.1                 We may, at any time, change this Privacy Policy and will take reasonably practical steps to inform you of the changes. Without limiting the ways we may inform you, we may inform you either by sending you an e-mail (if you give us your e-mail address when you register to use the Platform), or by placing a notification on the Platform.

15.2                 If you do not agree to the changes to this Privacy Policy, you must end your use of the Platform in the way set out in the Platform Terms of Use.

16.       Children

16.1                 Where we collect the Personal Information of children, we will only do so with the express consent of the competent person in accordance with applicable laws.

17.       Direct marketing

17.1                 When you register to use the Platform, you agree to receive marketing communications from us.

17.2                 You may refuse to accept, require us to discontinue, or pre-emptively block any approach or communications from us if that approach or communication is primarily for the purpose of direct marketing ("direct marketing communications").

17.3                 You may opt out of receiving direct marketing communications from us at any time by requesting us (in the manner set out in the communication or by contacting us at the contact details set out in clause 21) to desist from initiating any direct marketing to you. If you wish to opt out of receiving direct marketing communications which are sent to you through the Platform, then you will need to end your use of the Platform and the Content.

17.4                 If you have opted out, we may send you written (which may include electronic writing) confirmation of receipt of your opt out request, and not send you any further direct marketing communications.

18.       Third party sites

18.1                 This Privacy Policy does not apply to other parties' websites, products or services, such as websites linked to, from or advertised on the Platform, or sites which link to or advertise the Platform. We are not responsible for the privacy practices of such third party websites.

18.2                 We advise you to read the privacy policy of each third party website and determine if you agree to the privacy practices and policies of such third party websites. .

19.       Consumer Protection Act and Protection of Personal Information Act

19.1                 If any part of this Privacy Policy is regulated by or subject to the Consumer Protection Act or the Protection of Personal Information Act, No. 4 of 2013 ("POPI"), it is not intended that any part of this Privacy Policy contravenes any provision of the CPA or POPI. Therefore all provisions of this Privacy Policy must be treated as being qualified, to the extent necessary, to ensure that the provisions of the CPA and POPI are complied with.

19.2                 No provision of this Privacy Policy (or any contract governed by this Privacy Policy):

19.2.1                          does or purports to limit or exempt us or any person or entity from any liability (including, without limitation, for any loss directly or indirectly attributable to our gross negligence or wilful default or that of any other person acting for or controlled by us) to the extent that the law does not allow such a limitation or exemption;

19.2.2                          requires you to assume risk or liability for the kind of liability or loss, to the extent that the law does not allow such an assumption of risk or liability; or

19.2.3                          limits or excludes any warranties or obligations which are implied into this Privacy Policy (or any contract governed by this Privacy Policy) by the CPA or POPI (to the extent they are applicable) or which we give under the CPA or POPI (to the extent they are applicable), to the extent that the law does not allow them to be limited or excluded.

20.       Governing law

20.1                 South African law applies to this Privacy Policy.

20.2                 If any provision of this Privacy Policy is judged to be illegal, void or unenforceable due to applicable law or by order of a court of a competent jurisdiction it shall be deemed deleted and the continuation in full force and effect of the remainder of the provisions will not be prejudiced.

21.       Queries and Contact details

If you have questions about our Privacy Policy or wish to contact us, please contact us at info@epione.net