When we refer to ‘we’, ‘us’ or ‘our’ we mean Genie Health South Africa (Pty) Ltd and its subsidiaries.
We offer a digital platform, app, website, and services under license, to enable virtual services by connecting our users to physiotherapists, biokineticists, and/or other professionals. We do this through our websites, including, but not limited to, Genie, and their related sites, (the “Sites”), the GENIE mobile applications, the biofeedback technology, and other electronic means such as video conferencing, chat, phone, and surveys (together, the “Services”). The Services are owned by GENIE and its affiliates.
GENIE provides the Services through which you can access telehealth, musculoskeletal care, and other wellness services provided by a professional (“Clinical Services”). GENIE does not provide Clinical Services. GENIE contracts with separate entities professional practices, companies and individuals) to engage independent physiotherapists and biokineticists (each a “Professional” or together, the “Professionals”) to provide Clinical Services to you.
Personal Information We Collect
Information You Provide to Us
GENIE collects information that you provide to us, including when you enrol, give updates about your condition, respond to a survey, or contact us. Some examples of this information include:
- Contact or other Identifying Information, such as your name, address, email address, telephone number, username and password;
- Professional or employment-related information, such as the name of your employer, company, and other professional or employment information you provide to us;
- Mental and physical condition information, such as height, weight, general health, feelings of pain and fatigue, exercise patterns, personal motivations, information about pregnancies and childbirth, and feelings of anxiety or depression;
- Medical information such as current or former injuries, medical diagnoses, and whether you are cleared by a physician to exercise, as well as medical scheme or other payor information; and
- Communications with GENIE, including with the Professionals or third-party partner organisations.
Information Collected While Using Our Services
Genie may also collect certain information when you access, browse, and use our Services. This information is generated by the computer, tablet, mobile app, or electronic sensors used in the Services. Some examples include:
- Internet and other electronic activity data, such as the name of the domain and host from which you access the internet; the browser software you use and your operating system; the date and time you access the service; how often you access the Services, and the internet address of the website from which you directly linked to GENIE;
- Log and Troubleshooting Information: We collect information about how our Services are performing when you use them, like service-related diagnostic and performance information. This information includes log files, timestamps, diagnostic or crash data, website/app performance logs and error messages or reports.
- Identifiers or Geolocation data, such as Internet Protocol (IP) address;
- Exercise data, the type and order of exercises, number of repetitions, duration, manner, and individual performance including range of motion, movement errors, and compliance with the assignment movement; and
- Data from Tracking Technologies, such as information from cookies, web beacons, tags, or other tracking technologies, as further described below.
Information Collected from Other Sources
In connection with your use of the Services, we may combine or compare data we have collected from you with information collected from a third party. Some examples of information we may receive from a third party include:
- Eligibility Information: If you are participating in a program sponsored by your employer, medical scheme, or healthcare provider, information contained in an eligibility file such as whether you are enrolled in the plan, your name, email, and some related health information;
- Information We Obtain from Your Health Care Providers and Other Sources: In connection with your treatment, we may collect medical records from your past, current, and future health care providers. This may include past or present diagnoses, previous treatments, general health, test results and reports, any family history of illness, and records of communications related to your health; and
- Information Collected from Third Parties: We may collect information available about you from third party service providers to improve the Services, such as identifying health factors related to your treatment to better tailor the Services to you.
How We Use and Share Personal Information
Use of Personal Information
We may use the Personal Information we collect for one or more of the following business purposes:
- To provide, personalize, improve, update, and expand our Services, including:
- For product testing and development, data analysis, and survey purposes; and,
- For scientific, statistical, and historical research;
- To communicate with you about the Services, including:
- To respond to your inquiries and concerns;
- Provide you with information or request action in response to technical, security and other operational issues; or
- To follow-up with you regarding your enrolment process.
- To create de-identified information (for example, aggregated statistics) related to the use of the Services or for scientific research;
- To comply with laws and regulations, including to respond to law enforcement or a government request(s) as required by applicable law, court order, or governmental regulations and to monitor our compliance with those obligations;
- To protect the integrity and maintain the security of our Services;
- To enforce our Terms and Conditions; and
- For any other purpose for which you may provide consent or as disclosed to you when you provide information to us.
When we use the term “de-identified information,” we mean information that is neither used, nor intended to be used, to identify an individual. We may use de-identified information without restriction and may share it with unaffiliated third parties.
Sharing Personal Information
GENIE may share Personal Information with the following categories of third parties for the following purposes:
- Service Providers: We may share your Personal Information with service providers, such as contractors and other third parties we use to support our organization and provide us with services. These companies are subject to contractual obligations governing privacy, data security, and confidentiality consistent with applicable laws. These companies include our cloud services infrastructure providers, vendors that assist us in marketing and consumer research analytics, fraud prevention, security, communications infrastructure providers, vendors that help us provide some support functions, like phone support or survey tools, and third-party partners for analytics and advertising purposes;
- Corporate Affiliates: We may share your Personal Information with our subsidiaries, affiliates, and associated organizations;
- Research Partners: We may share your Personal Information with research partners if you provide us with your express consent or if otherwise permitted by law. Research partners include commercial or non-profit organizations that conduct or support scientific research, the development of therapeutics, medical devices or related material to treat, diagnose, or predict health conditions. In some circumstances, a research partner or GENIE may have a financial interest in the research arrangement.
- Health Care Providers, Health Plans, and Similar Organizations: Personal Information that we create or obtain about you may be shared with health care providers, health plans, medical schemes, medical scheme administrators, managed care organisations or other similar health care organizations as permitted by law or pursuant to your consent.
- Law Enforcement, Government Agencies or Other Third Parties: From time to time, we may be required to provide Personal Information to a third party in order to comply with a subpoena, court order, government investigation, or other similar legal process. If we disclose your Personal Information in this way, we will reasonably attempt to provide you with advance notice, unless we are prohibited from doing so. We may share your Personal Information if we believe it is reasonably necessary to:
- Comply with valid legal process (e.g., subpoenas, warrants);
- Respond to a government request;
- Enforce or apply the GENIE Terms and Conditions;
- Investigate fraud;
- Protect the security or integrity of the Services;
- Protect the rights, property, or safety of GENIE, our employees, members, or users; or
- At your direction or with your permission.
- Corporate Transaction: If we are involved in a bankruptcy, merger, acquisition, reorganization, or sale of all or a portion of our assets, we may share or transfer your Personal Information as part of such corporate transaction.
- Genie will not disclose/share any information obtained through the short code program to third parties for their own marketing purposes.
Retention of Personal Information
GENIE will retain the Personal Information you provide while creating your account and your profile until such time as you delete your account, or you request deletion provided you are entitled to request deletion under applicable law. Any clinical records created as a result of your use of the Services will be securely maintained by GENIE for a period that is no less than the minimum number of years such records are required to be maintained under applicable law. GENIE may also retain certain information as reasonably necessary to comply with our legal obligations (including law enforcement requests), resolve disputes, maintain security, prevent fraud and abuse, as well as to comply with tax, securities, and regulatory compliance requirements. Genie does not store information created and contained within an associated Practice Management System. Any information that has been stored as a diary and sent to a Medical Scheme as a claim will be stored on our affiliate provider Practice Management systems and will be stored under its own terms and conditions and privacy standards (not to be any less than what is discussed here).
How to Review, Modify, and Delete Personal Information
Some applicable laws provide individuals with specific privacy rights, and you may have certain privacy rights with respect to the Personal Information we collect and maintain about you, such as the following:
Right to Know/Access
You may have a right to request access to your Personal Information and to be provided with a copy of certain information in a readily useable format, including:
- The categories of Personal Information we collected about you;
- The categories of sources from which we have collected your Personal Information;
- Our business or commercial purpose for collecting or selling that Personal Information;
- The categories of your Personal Information that we have shared with third parties;
- The categories of third parties with whom we share your Personal Information; or,
- The specific pieces of Personal Information we collected about you.
Right to Modify
You may have the right to request that we modify the Personal Information we have collected and maintain about you. To request to modify your Personal Information, email us at email@example.com. We may request additional information from you in order to verify your identity and update your Personal Information per your request.
Right to Request Deletion
You may have the right to request that we delete the Personal Information that we have collected and maintain about you subject to applicable law. We may deny your request under certain circumstances, such as if we need your Personal Information to respond to your inquiries. If we deny your request for deletion, we will let you know the reason why. There may be some latency in deleting your Personal Information from our backup systems after it has been deleted from our primary production and development systems.
How to Exercise Your Privacy Rights
If applicable, you may exercise your right to know/access and your right to request deletion twice a year free of charge. To exercise your rights to know/access and request deletion, please contact us at firstname.lastname@example.org. We will take steps to verify your identity before processing your request. We will not fulfil your request unless you have provided sufficient information for us to reasonably verify that you are the individual about whom we collected Personal Information. When submitting your request, please provide us with your name and contact information for purposes of enabling us to begin verifying your identity. We may request additional information about you if needed to verify your identity. Unless you have previously provided us your Personal Information for another purpose, we will only use the Personal Information provided in the verification process to verify your identity or authority to make a request, and to track and document your request to meet our obligations. We do not discriminate against individuals for exercising any of the above privacy rights. These rights may not be available to you and certain exceptions and exemptions may apply that will limit your ability to exercise these rights.
Authorized Agents: If required under applicable law, you may use an authorized agent to submit a request to know/access or a request to delete on your behalf. Even if you use an authorized agent, you will still need to communicate directly with GENIE to verify your identity and address. We require that your agent provide us with a signed document from you that authorizes your agent to make the request on your behalf. To protect your Personal Information, we reserve the right to contact you directly if we have any questions or concerns about the request from your agent.
How We Protect Personal Information
We take great care to protect the Personal Information we maintain about you. GENIE has a broad information security program designed to protect your Personal Information using administrative, physical, and technical safeguards. We have measures in place to protect against inappropriate access, loss, misuse, or alteration of Personal Information under our control. For example, Personal Information is stored on encrypted servers. While we strive to protect your Personal Information, we cannot guarantee the security of information you provide to us. This is especially true for information you transmit to us via email because email may not have the security features that are commonly built into websites. To the fullest extent permitted by applicable law, we do not accept liability for unintentional disclosure of your Personal Information. Additionally, please be aware that we have no control over the information collected by your internet service provider or information that you disclose over a public network. We are not responsible for any information collected by third parties not within our control or how such information is used or maintained.
We may use technologies such as cookies, web beacons or pixels, tags, scripts, and other storage technologies (collectively “Tracking Technologies”) to collect or receive information on the Sites. These Tracking Technologies may help us save your preferences, understand how you navigate through the Sites, and improve your experience.
Cookies and Other Tracking Technologies
Cookies are small data files that we transfer to your device to collect information about your use of the Sites. Cookies can be recognized by the website that downloaded them or other websites that use the same cookies. This helps websites know if your browsing device has visited them before. We may use both first-party and third-party cookies on the Sites for the following purposes: to make the Sites function properly, to improve the Sites, to track your interaction with the Sites, to enhance your experience with the Sites, to remember information you have already provided, to collect information about your activities over time and across third party websites or other online services in order to deliver content tailored to your interests; and to provide a secure browsing experience during your use of the Sites. The length of time a cookie will stay on your browsing device depends on whether the cookie is a “persistent” or “session” cookie. Session cookies will only stay on your device until you stop browsing. Persistent cookies stay on your browsing device until they expire or are deleted. The following types of cookies may be used on the Sites:
- Strictly Necessary Cookies. These cookies are essential because they enable you to use the Sites. For example, strictly necessary cookies allow you to access secure areas of the Sites and for us to provide the Sites. These cookies do not gather information about you for marketing purposes. This category of cookies would be essential for the Sites to work, and they cannot be disabled.
- Functional or Preference Cookies. We may use functional cookies to remember your choices so we can tailor the Sites to provide you with enhanced features and personalized content. For example, these cookies can be used to remember your name or preferences on the Sites. We would not use functional cookies to target you with online marketing. While these cookies can be disabled, this may result in less functionality during your use of the Sites.
- Performance or Analytic Cookies. These cookies collect passive information about how you use the Sites, including webpages you visit and links you click. We would use the information collected by such cookies to improve and optimize the Sites. We would not use these cookies to target you with online marketing. You would be able to disable these cookies.
- Targeting or Advertising Cookies. These cookies are used to drive online advertising that is relevant to you by building up a picture of what you are interested in from your use of the internet. The cookies can limit the number of times you see an advert and help to measure the effectiveness of any advertising. They remember that you have visited a website, and this information may be shared with other organizations or advertisers. We may use these cookies in limited circumstances associated with our public-facing sites.
We may also use tracking technologies to collect “clickstream” data, such as the domain name of the service providing you with Internet access, your device type, IP address used to connect your computer to the Internet, your browser type and version, operating system and platform, the average time spent on the Sites, web pages viewed, content searched for, access times and other relevant statistics, and assign unique identifiers to the device or other credentials you use to access the Sites for the same purposes. Pages of the Sites and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
Managing Your Tracking Technology Preferences
Do Not Track. Some Internet browsers (e.g., Internet Explorer, Mozilla Firefox, and Safari) include the ability to transmit “Do Not Track” or “DNT” signals. Since uniform standards for “DNT” signals have not been adopted, the Sites currently do not process or respond to “DNT” signals.
Location Information. You may be able to adjust the settings of your device so that information about your physical location is not sent to us or third parties by: (a) disabling location services within the device settings; or (b) denying certain websites or mobile applications permission to access location information by changing the relevant preferences and permissions in your mobile device or browser settings. Please note that your location may be derived from your Wi-Fi, Bluetooth, and other device settings. Please see your device settings for more information.
- Our Sites may utilize the Conversion Tracking Pixel service of Meta Platforms. This tool allows us to follow the actions of users after they click on a Facebook advertisement and allows us to record the efficacy of Facebook advertisements for statistical and market research purposes. The collected data remains deidentified which means we cannot see the personal data of any individual user. However, the collected data is saved and processed by Facebook and Facebook may be able to connect the data with your Facebook account and use the data for their own advertising purposes in accordance with Facebook’s Data Use Policy. Facebook Conversion Tracking also allows Facebook, and its partners, to show you advertisements on and outside Facebook. You can manage your preferences regarding how Facebook uses your data through your Facebook account settings.
As we are committed to protecting the privacy of children, we do not collect Personal Information directly from anyone who is, to our knowledge, under the age of 18. If you are under the age of 18, please do not provide any Personal Information to us through the Sites or Services. If you become aware that an individual under age 18 has provided Personal Information directly to us, please contact us as described in the “Contact Us” section, so that we can delete the information.
Notice of Privacy Practices Specific to CHI
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
As part of your use of the Services, we will receive, create, use, and disclose certain medical information about you, which is designated as “Confidential Health Information” or “CHI” and is subject to the privacy and security requirements of the National Health Act 61 of 2003 (“NHA”) and POPIA. For a description of how we collect, use, and disclose your personal information that is not CHI, please refer to our Terms and Conditions.
We are required by law to maintain the privacy and security of your CHI, which we do through reasonable administrative, physical, and technical means. Additionally, we:
- Are required to provide you with this Notice and must allow you to download a copy of it.
- May only use and disclose your CHI as described in this Notice, unless you tell us in writing.
- Will let you know promptly if a breach occurs that may have compromised your CHI.
Our Uses and Disclosures
As part of the Services that we provide to you, we may need to use and disclose your CHI for the reasons listed below, which may be done without your explicit authorization as permitted by law. While each use and disclosure listed below includes examples, the uses and disclosures listed are not exhaustive.
We may use or disclose your CHI for our payment activities or the payment activities of your health plan. For example, we might submit a claim or invoice to your health plan or other third party that is responsible for paying for the Services on your behalf.
As part of the Services, we may receive lab results, clinician notes, sensor readings, and other information related to your health condition. We will use this information to provide Services to you and we may disclose this CHI to your care team or other third-party healthcare professional for their treatment of your condition.
Your CHI may be used to run our business. This includes improving the Services, training staff, quality assessment and improvement, contacting you about the Services, and customer service. We may disclose your CHI to a third party for their healthcare operations only if they have or had an existing relationship with you. We may de-identify or aggregate your CHI as part of these operations, at which point this Notice will no longer apply.
We may engage third parties to assist with our activities described above. If this is the case, then we will require an agreement with the third party that protects the privacy and security of your CHI.
Other Uses and Disclosures
Under certain circumstances, we are required or permitted by law to disclose your CHI without your authorization. These include:
- For public health activities such as reporting certain diseases, including notifiable diseases
- To protect victims of abuse or neglect, such as child abuse and elder neglect
- For judicial and administrative proceedings such as responding to subpoenas
- For workers compensation claims
- To prevent or lessen a serious and imminent threat of harm to a person or the public
- When required by law or for law enforcement purposes
- For state and health oversight activities such as physician licensing and disciplinary action, including but not limited to that of regulators and statutory bodies, like the Health Professions Council of South Africa, Allied Health Professions Council of South Africa, etc.
- To coroners, medical examiners, and funeral directors in limited circumstances
- For organ donation and transplantation
- For research approved by an institutional review board
- For specialized government functions such as national security
- For other uses and disclosures, we may need your written authorization.
Notice Regarding Technology
We may use electronic software, services, and equipment, including without limitation email, video conferencing technology, cloud storage and servers, internet communication, cellular network, voicemail, facsimile, electronic health record, and related technology to share your CHI as described herein. Certain aspects of those transfers may not be encrypted or confidential. We take measures to safeguard the data transmitted, as well as ensure its integrity against intentional or unintentional breach or corruption. However, occasionally security protocols could fail. In the event that happens, we will take immediate steps to prevent further breach of information and promptly notify you if your information is impacted.
Your Choices About Uses and Disclosures
You have both the right and the choice to tell us to:
- Disclose your CHI to your family, close friends, or others involved in your care.
- Disclose CHI in a disaster relief situation.
If you are not able to tell us your preference, for example if you are unconscious, we may go ahead and share your CHI if we believe it is in your best interest. We may also share your CHI when needed to lessen a serious and imminent threat to health or safety.
Unless you give us written authorization, we will never:
- Use your CHI for marketing purposes, although we may use your CHI to keep you informed of other services and products that are relevant to your condition.
- Sell your CHI.
Any other uses and disclosures that are not described in this Notice require your written authorization. When you give us written authorization to use or disclose your CHI, you can revoke that authorization at any time. However, prior uses and disclosures will not be affected.
When it comes to your CHI, you have certain rights. This section explains your rights and some of our responsibilities to help you. Your authorized representative, such as a medical power of attorney or legal guardian, may also be able to exercise these rights for you. To exercise any of these rights, please contact us using the available methods described in the Contact Information and Complaints section below.
Right to Access CHI
You may inspect and copy certain portions of your CHI. You may request that we provide your health records to you in an electronic format. Under certain circumstances, we may deny your request for your CHI. If we deny your request, we will provide you with a written explanation regarding the denial.
Right to Amend Your CHI
You have the right to request we amend your CHI if you feel it is incorrect or incomplete. However, under certain circumstances we may deny your request. If we deny your request, we will provide you with a written explanation regarding the denial.
Right to An Accounting of Disclosures
You have the right to receive an accounting of certain disclosures of your CHI made for the prior six (6) years, although this excludes disclosures for treatment, payment, and health care operations, disclosures made that were authorized by you, and certain other disclosures. If you request an accounting more than once during a twelve (12) month period, we may charge you a reasonable fee for the accounting statement.
Right to Request Additional Restrictions
You have the right to request that we restrict how we use or disclose your CHI. However, we are not required to agree with your requests, unless you request that we restrict information provided to your health plan, the disclosure would be for the health plan’s payment or healthcare operations, and you have paid for the health care services completely by yourself.
Right to Receive Alternative Communications
You have the right to request that we communicate with you at a specific telephone number, postal, or email address. We are not required to agree to your request, but we will reasonably accommodate any such request.
Right to Receive a Paper Copy of this Privacy Notice
Upon request, you have the right to obtain a paper copy of this notice even if you have elected to receive it electronically.
To exercise any of these rights, please contact us using the available methods described in the Contact Information and Complaints section below.
Contact Information and Complaints
If you have any questions about this Notice, to receive a copy of this Notice, to exercise your rights under this Notice, or to file a complaint about GENIE’s handling of your CHI, you can contact GENIE’s Privacy Office using the information below.
By writing to:
GENIE Health South Africa
ATTN: Privacy Office
17 Midas Avenue
Or by sending an email to: email@example.com
Additionally, you may also file a complaint with the Health Professions Council of South Africa by visiting or by sending a letter to:
553 Madiba Street
Additionally, you may also file a complaint with the Information Regulator of South Africa by visiting or by sending a letter to:
27 Stiemens Street
Changes and Effective Date
We reserve the right to change this Notice and our privacy practices with respect to your CHI at any time. If we make changes, we may make the new terms effective for all CHI that we maintain, including any CHI created or received prior to issuing the new notice. If we change this Notice, we will post our revised Notice of Privacy Practices on our website, within our app, or we may mail or email it to you.