Dr B. Ngutshane Inc. logo
Dr B. NgutshaneCardiothoracic Surgeon

Legal

Privacy Policy

Last updated: June 2025

1. Who We Are

Dr B. Ngutshane Inc. ("the Practice") is the responsible party for all personal information collected through this website and our patient intake processes. Our Information Officer can be contacted at info@drngutshane.co.za.

2. Information We Collect

We collect personal information you provide when booking appointments or completing intake forms, including your name, contact details, identity number, medical aid information, and clinical history. We also collect non-personal usage data through analytics tools to improve our website.

3. Legal Basis for Processing

We process your personal information on the basis of your explicit consent (provided during intake), the performance of a healthcare contract, and our legitimate interest in providing safe, coordinated surgical care. We process special personal information (health data) solely for the provision of medical services.

4. How We Use Your Information

Your information is used to schedule and manage appointments, provide surgical and clinical care, communicate with referring healthcare providers, issue accounts to medical aids or insurers, and comply with our legal and professional obligations as registered healthcare practitioners.

5. Data Security

All personal and health information is encrypted at rest using AES-256 encryption and in transit using TLS 1.2 or higher. Our systems are hosted within South Africa (AWS Johannesburg region) to ensure data sovereignty. We maintain daily automated backups and deploy a Web Application Firewall (WAF) for additional protection.

6. Retention

We retain patient records for a minimum of six years after the last consultation, or longer where required by the Health Professions Act or other applicable legislation. You may request early deletion of non-clinical data at any time.

7. Sharing of Information

We do not sell or rent your personal information. We share information only with: affiliated hospitals for surgical planning, medical aids for authorisation and billing, other treating clinicians with your consent, and regulatory bodies as required by law.

8. Your Rights (POPIA)

Under the Protection of Personal Information Act 4 of 2013 you have the right to access your personal information held by us, request correction of inaccurate information, object to processing, request deletion where legally permissible, and lodge a complaint with the Information Regulator of South Africa.

9. Cookies & Analytics

Our website uses Google Analytics to understand aggregate usage patterns. No personal health information is shared with analytics services. You may opt out of analytics tracking via your browser settings.

10. Contact & Complaints

For any privacy-related queries, contact our Information Officer at info@drngutshane.co.za. You may also contact the Information Regulator at www.inforegulator.org.za.