BAROQUE MEDICAL PRIVACY NOTICE
1. INTRODUCTION
1.1 This Privacy Policy is applicable to Baroque Medical (Proprietary) Limited and its affiliates, Baroque Pharmaceuticals (Proprietary) Limited and Crossroad Education Institute.
1.2 Baroque Medical (Proprietary) Limited is a distributor of healthcare products, including medical devices and pharmaceuticals, and it markets and distributes those products to both the private and public sectors.
1.3 It also engages with Healthcare Professionals to market the products, as well as Continuing Medical Education – i.e., the development of their professional and performance by way of sponsorship grants for the attendance at educational and training events
1.4 As part of its day-today business operations and in terms of legal and regulatory requirements, Baroque Medical is required to process personal information pertaining to its employees, customers, patients and Healthcare Professionals and is consequently required to protect that personal information in terms of the Protection of Personal Information Act 4 of 2013, including its Regulations (POPI Act).
1.5 Baroque Medical shall ensure that all personal information is processed within the parameters of the law.
2. INTERPRETATION AND DEFINITIONS
In this Policy:
2.1 Clause headings are for convenience and reference only;
2.2 Any gender includes the other genders and a natural person includes a juristic person and vice versa;
2.3 All the annexures (if any) hereto are incorporated herein and shall have the same force and effect as if they were set out in the body of this notice;
2.4 The following words and/or expressions shall, unless the context indicates otherwise, bear the meaning assigned to them below and in the Protection of Personal Information Act;
2.4.1 “Baroque Medical” means Baroque Medical (Proprietary) Limited, a company duly registered and incorporated, and situated at 12 Rivonia Road, Illovo, 2196;
2.4.2 “Cookie/s” (also called web cookie, Internet cookie, browser cookie, or simply cookie) is a small piece of data sent from a website and stored on the user’s computer by the user’s web browser while the user is browsing to inter alia remember stateful information (such as items added in the shopping cart in an online store) or to record the user’s browsing activity.
2.4.3 “Data subject” means the person to whom Personal information relates;
2.4.4 “Director/s” means the directors of Baroque Medical;
2.4.5 “Employee” means a permanent, fixed-term or temporary employee of Baroque Medical;
2.4.6 “Operator” means a third party that processes Personal information in terms of a mandate or contract with Baroque Medical, without coming under the direct authority of Baroque Medical;
2.4.7 “Information officer” means the person appointed by Baroque Medical, from time to time, who is responsible for the monitoring of compliance with the conditions for the lawful processing of Personal information; dealing with requests made to Baroque Medical in terms of the POPI Act; working with the Regulator in relation to investigations conducted in relation to prior authorisation by the Data subject and ensuring compliance with the provisions of the POPI Act;
2.4.8 “Person” means any person,
2.4.9 “Personal information” means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to:
2.4.9.1 information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
2.4.9.2 information relating to the educational, medical, financial, criminal or employment history of the person;
2.4.9.3 any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
2.4.9.4 the biometric information of the person (as applicable);
2.4.9.5 the personal opinions, views or preferences of the person;
2.4.9.6 correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
2.4.9.7 the views or opinions of another individual about the person; and
2.4.9.8 the name of the person if it appears with other Personal Information relating to the person or if the disclosure of the name itself would reveal information about the person;
2.4.10 “Privacy Notice” means this Notice as amended from time-to-time;
2.4.11 “Processing” means any operation or activity or any set of operations, whether or not by automatic means, concerning Personal information, including—
2.4.11.1 the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
2.4.11.2 dissemination by means of transmission, distribution or making available in any other form; or
2.4.11.3 merging, linking, as well as restriction, degradation, erasure or destruction of information.
3. PROCESSING OF PERSONAL INFORMATION
3.1 The Personal information that Baroque Medical collects in the ordinary course of business includes:
3.1.1 only information that is adequate, necessary, and relevant to enable Baroque Medical to perform its functions e.g. Data subject’s name, identity number (where applicable), passport number (where applicable), council/practice/registration number, patient number (where applicable), employee and directors Personal information, contact information etc;
3.1.2. electronic communications sent to Baroque Medical;
3.1.3 information submitted in response to a vacancy advertisement;
3.1.4 technical information, for instance through the use of cookies, such as activity data, such as when the Data subject completes a form on the Baroque Medical website, subscribes to a newsletter, alerts or other services from Baroque Medical or taking part in a competition, prize draw or survey;
3.1.5 information from the Data subject’s visits to the Baroque Medical website, including the type of browser and operating system that the Data subject uses, access times, pages viewed, URLs clicked on, his IP address and the pages visited before and after navigating the Barque Medical website;
3.1.6 social media tracking pixels that allow platforms such as Facebook, LinkedIn and Twitter to interact with the Baroque Medical website and give feedback on the Data subject’s actions;
3.1.7 device information, including the unique device identifier, hardware model, operating system and version and mobile network information;
3.1.8 Personal information collected in the monitoring of other websites may include the Data subject’s public Personal information;
3.1.9. Personal information collected and processed in the course of a Product Experience Report, which may include information such as gender, date of birth, information about the Data subject’s health, information pertaining to the Healthcare Professional such us name and practice number;
3.1.10 Personal information collected and processed in the course of sponsorship grants such as Healthcare Professionals’ name, identity number, passport number, gender and the like;
3.1 11 The Baroque Medical website uses various technologies including “cookies” which allow the website to recognise and respond to the Data subject as an individual. The Data subject can elect to accept or decline cookies. If a Data subject elects to decline cookies, not all elements of the website may function as intended, so his website experience may be affected.
3.1.12 Personal information obtained by means of registering on the Baroque Medical website for the purpose of purchasing through our online store system. This information includes, but is not limited to, the data subject’s name, surname, contact information, domicile or delivery address, practice number (in the event the data subject is a HCP), billing address, medical aid details (in the event the data subject shall be claiming from medical aid), HCP or data subject information obtained by means of a medical script uploaded to the Baroque Medical website by the data subject.
3.2 Protection of Personal information
3.2.1 Baroque Medical utilises a variety of security measures and technologies to protect the personal information of a Data subject from unauthorised access, use, disclosure, alteration or destruction;
3.2.2 The transmission of information to Baroque Medical via the internet or a mobile phone network connection may not be completely secure and any transmission is at the Data subject’s risk.
3.2.3 The Date Subject acknowledges that despite the security measures that are in place in place to protect Personal Information, Personal Information may be accessed by an unauthorised third party, e.g. as a result of an illegal activity such as hacking, unauthorised downloads etc.
3.2.4 Baroque Medical, may, from time to time, may provide links to websites or mobile applications that it does not own or control. This Policy does not apply to those websites. If a Data subject chooses to use those websites, he must check the legal and privacy policies or statements posted on each website or mobile application he accesses to understand their privacy practices.
3.3 Use of Personal information
Baroque Medical may use the personal information of a Data Subject to:
3.3.1 Provide the Data Subject with information and services including:
3.3.1.1 sponsorship grants to events, invitations to medical education programs and online events, such as webinars run by Crossroads Education Institute;
3.3.1.2 press releases; clinical studies; articles of interest
3.3.1.3 job vacancies;
3.3.1.4 marketing communications relating to products and services. In this regard, Baroque Medical will obtain the necessary consent for marketing;
3.3.2 Contact and interact with the Data subject, including:
3.3.2.1 response to requests from the Data subject;
3.3.2.2 provision important notices and updates, Field Safety Notices, Recalls, security alerts and administrative messages;
3.3.2.3. Product Experience Reporting
3.3.3 Operate Baroque Medical’s business, including:
3.3.3.1 screening visitors through COVID-19 screening, CCTV footage, conducting searches for dangerous weapons, completing the attendance register for security purposes,
3.3.3.2 complying with applicable laws, regulations and guidance; and
3.3.3.3 complying with demands or requests made by regulators, governments, courts and law enforcement authorities.
3.3.4 Improve Baroque Medical’s day-to-day operations, including:
3.3.4.1 for internal purposes such as auditing, data analysis and research; to monitor and analyse trends, usage and activities in connection with products and services;
3.3.4.3 to improve products, services and communications to the Data subject; and
3.3.4.4 to ensure that Baroque Medical has up-to-date contact information for the Data subject, where applicable.
3.4 Storage of Personal information of a Data subject
3.4.1 Baroque Medical will store Personal information for the period required by law and as necessary in connection with legal action or an investigation.
3.4.2 In general, Baroque Medical will store Personal Information
3.4.2.1 for as long as needed to provide the Data subject with access to services he has requested;
3.4.2.2 where the Data subject has contacted with a question or request, for as long as necessary to allow Baroque Medical to respond to the question or request;
3.4.2.3 for as long as necessary to comply with any laws or regulations.
3.5 Permitted sharing of Personal
3.5.1. Baroque Medical is permitted to share Personal information with the following third parties:
3.5.1.1 agents and suppliers, including those who provide it with technology services such as data analytics, hosting and technical support;
3.5.1.2 professional advisors, auditors and business partners;
3.5.1.3 suppliers, regulators, governments and law enforcement authorities;
3.5.1.4 other third parties in connection with re-organising all or any part of Baroque Medical’s business
3.5.2 Personal Information may be processed Baroque Medical and its third party suppliers’ outside of the borders of South Africa. In this regard, it must be noted that Personal information laws in the countries to which the Personal information is transferred may not be equivalent to, or as protective as, the laws South Africa.
3.5.3 Baroque Medical will implement appropriate and reasonable measures to ensure that the Personal information remains protected and secure when it is transferred outside of the borders of South Africa, in accordance with applicable Personal information protection and privacy laws. These measures include data transfer agreements implementing standard data protection clauses.
3.6 Rights regarding this Personal information
The Data Subject may:
3.6.1 request Baroque Medical for access to Personal information that Baroque Medical holds about him;
3.6.2 request the correction and/or deletion of his Personal information;
3.6.3 request the restriction of the processing of his Personal information, or object to that processing;
3.6.4 withdraw consent to the processing of his Personal information, where consent was necessary;
3.6.5 withdraw consent to receive marketing messages;
3.6.6 request for the receipt or the transfer to another organisation, in a machine- readable form, of the Personal Information that he has provided to Baroque Medical;
3.6.7 lodge a complaint with his local data protection authority if his privacy rights are violated, or if he has suffered as a result of unlawful processing of his Personal Information.
3.7 Objections to Providing Personal Information
3.7.1 Where a Data subject is given the option to share his Personal information with Baroque Medical, he may elect not to do so.
3.7.2 If a Data subject objects to the processing of his Personal information, or if he has provided his consent to processing and chooses to withdraw it, Baroque Medical will comply with the request in accordance with its legal obligations and as permitted by law or regulations. Baroque Medical’s legal obligations in respect of the withdrawn information shall therefore cease to exist.
4. IMPORTANT NOTICE TO DATA SUBJECTS
4.1 By visiting Baroque Medical’s website and communicating electronically with Baroque Medical, the Data Subject consents to the processing, including transfer of his Personal information as set out in this Notice.
4.2 Baroque Medical is continually improving its methods of communication and adding new functionality and features to its website. Due to these ongoing changes, changes in the law and the changing nature of technology, Baroque Medical’s data protection practices may change from time to time, in which case Baroque Medical will update this Notice to describe its new practices.
5. CONTACT INFORMATION
For any questions or requests regarding this Notice or if a Data Subject would like to exercise his rights including contacting the Information Officer, please use the following contact information:
011 770-4700
alison@baroque.co.za
