Privacy Policy

Effective Date: 1 September 2024

At Daniel da Cruz Physiotherapy, we are committed to protecting your privacy and securing your personal information. This Privacy Policy outlines how we collect, use, share, and safeguard your data when you visit our website ddcphysiotherapy.co.za, book appointments, contact us via phone or WhatsApp, or use our physiotherapy services. By using our website or services, you consent to the practices described below.

1. Information We Collect

We may collect:

  • Personal Information:
    • Name, email address, phone number, and physical address when you book an appointment through our website, submit a contact form, call us directly, or message us via WhatsApp at our business phone number (0631086029).
    • Health-related information (e.g., medical history, injury details, treatment plans) provided for physiotherapy services, initially recorded in physical form and later transferred to digital storage. We collect health-related information only with your explicit consent, whether through online forms, phone, or WhatsApp communications.
  • Non-Personal Information:
    • Website usage data, such as IP address, browser type, and pages visited, to improve our site’s functionality.
  • Cookies and Tracking Technologies: Our website may use cookies to enhance user experience, such as saving preferences or analyzing traffic. When you visit our website, a cookie banner will ask for your consent before placing non-essential cookies on your device. You can manage cookies through your browser settings.

2. How We Use Your Information

We use your information to:

  • Provide physiotherapy services, including scheduling appointments via Google Calendar, designing treatments, and managing follow-up care.
  • Maintain and store health records, initially in physical form and then securely digitized on Google Drive.
  • Respond to inquiries or requests submitted through our website, email, direct phone calls, or WhatsApp messages.
  • Send appointment confirmations, reminders, or service-related updates, including via phone or WhatsApp if you contact us through those channels.
  • Process payments for treatments, if applicable.
  • Analyze website usage to enhance user experience.
  • Comply with legal obligations under the Protection of Personal Information Act (POPIA).

3. Sharing Your Information

We do not sell, rent, or trade your personal information. We may share it:

  • With trusted service providers, such as Google (for Calendar and Drive) or WhatsApp (for messaging), who assist our operations and are required to protect your data in compliance with POPIA.
  • When required by law, such as to respond to legal processes or protect our rights, safety, or property.
  • In the event of a business transfer (e.g., merger or sale), with prior notice to you.

4. Your Rights

Under POPIA, you have the right to:

  • Access the personal information we hold about you.
  • Request corrections to inaccurate or incomplete data.
  • Request deletion of your data, subject to legal retention requirements (e.g., medical records).
  • Object to certain data processing, such as marketing communications.
  • Request your data in a structured, portable format.

To exercise these rights, contact us using the details below.

5. Data Security

We prioritize your data security:

  • Physical Storage: Health records are initially stored in secure physical form before being digitized.
  • Digital Storage: Records on Google Drive and booking data in Google Calendar are encrypted and protected with two-factor authentication (2FA).
  • Communications: Phone calls and WhatsApp messages (0631086029) are handled securely.
  • Data Breach Notification: In the unlikely event of a data breach, we will notify affected individuals and the Information Regulator as soon as reasonably possible, in compliance with POPIA. Notifications will include details of the breach, mitigation steps, and recommended actions (e.g., changing passwords). For our full breach notification procedure, see our PAIA/POPIA Manual.
Download PAIA Manual

We implement reasonable technical and organizational measures to prevent loss, misuse, or unauthorized access. However, no system is entirely secure, and we cannot guarantee absolute security.

6. Third-Party Links and Services

Our website may link to third-party services, such as Google Calendar for bookings or WhatsApp for communication. We are not responsible for their privacy practices. Please review the privacy policies of Google and WhatsApp for details on how they handle your data.

7. International Data Transfers

Your data may be processed in South Africa or other countries by service providers like Google or WhatsApp. We ensure compliance with POPIA through standard contractual clauses or equivalent safeguards.

8. Data Retention

We retain your personal information only as long as necessary for the purposes outlined above or as required by law (e.g., medical record retention under South African regulations). When no longer needed, we securely delete or anonymize it.

9. Children’s Privacy

Our website and services are not intended for individuals under 18. We do not knowingly collect personal information from children without parental consent. If this occurs, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Updates will be posted on our website with the new effective date.

11. Contact Us

For questions, concerns, or to exercise your POPIA rights, contact:

Information Officer: Daniel da Cruz
Email: info@ddcphysiotherapy.co.za
Phone: 0631086029
Address: Shop L11, 135 Rivonia Road, Medical on Maude, Sandton, Gauteng, 2196