top of page
Image by Dan Nelson

Privacy policy

Privacy Policy
Compliant with POPIA (Act No. 4 of 2013)
Effective Date: 24 June 2025

1. Introduction
The Health Retirees Association (HRA) respects your privacy and complies with South Africa’s Protection of Personal Information Act (POPIA). This policy outlines how we collect, use, and protect your personal data.

2. Information We Collect
We may process:

  • Identifiers: Name, ID number, contact details (email/phone)

  • Professional Data: Retirement date, healthcare speciality, work history

  • Financial Information: Membership fees, donation records (via secure payment gateways)

  • Health Data: Wellness screening results (with explicit consent)

  • Digital Footprint: IP address, browser type (for website analytics)
     

3. How We Collect Data

  • Directly from you (membership forms, event registrations)

  • Through third parties (banks for payments)

  • Automatically via cookies (see Section 8)
     

4. Purpose of Processing
We use your data solely for:

  • Administering membership benefits

  • Organizing spiritual/wellness programs

  • Processing donations & financial support

  • Communicating events and HRA initiatives

  • Complying with legal obligations
     

5. Lawful Basis for Processing

  • Consent: For health data or newsletters (withdraw anytime)

  • Contractual Necessity: To deliver membership services

  • Legitimate Interest: Fraud prevention, network security
     

6. Data Sharing & Disclosure
We only share data with:

  • Service Providers: Secure payment processors (e.g., PayFast)

  • Healthcare Partners: For screenings (with your consent)

  • Legal Authorities: If required by law (e.g., court order)
    No sale of data to third parties.
     

7. Data Subject Rights
Under POPIA, you may:

  • Access your personal data

  • Correct inaccurate information

  • Delete data (where legally permissible)

  • Object to processing

  • Withdraw consent
    Submit requests to: healthretireesassociation@gmail.com
     

8. Cookies & Tracking
Our website uses essential cookies for:

  • Session management (e.g., login security)

  • Analytics (anonymous traffic data)
    No advertising cookies deployed.
     

9. Data Security
We implement:

  • Encryption: SSL for online transactions

  • Access Controls: Staff training on POPIA compliance

  • Secure Storage: Password-protected digital files; locked physical records

  • Breach Protocol: 72-hour notification to Regulator & affected parties
     

10. Data Retention
We retain data:

  • Membership Records: 5 years post-membership

  • Financial Data: 5 years (as per Tax Administration Act)

  • Health Screening Results: 1 year (unless longer consent given)
    Data is anonymized or destroyed after retention periods.

bottom of page