AitaHealth Privacy Notice

Privacy Notice

Data Controller

AitaHealth is a multi-tenant instance and therefore has multiple controllers.

Important: Your data is not shared with all the controllers. Your data is only shared with the applicable controller.

The applicable controller is communicated to you, the data subject, by the controller prior to collection of your data or as soon as possible after collection of your data.

If it is unclear to you who the data controller is please contact the processor, Mezzanine Ware, using the contact details:

The specific controller is the controller of the personal data that you (the data subject) provide us. Once you consent to the collection of your personal data through the use of this product ("product") we collect the below-listed types of personal data from you the data subject.

The use and storage of your data are processed in accordance with this privacy notice.

Data Processing

Purpose of Processing

The data will be processed for research purposes and in order to improve healthcare outcomes in the relevant area. Data will be processed in Johannesburg, South Africa, within the Vodacom data centre.

Legal Basis for Processing

The legal basis for the processing of the personal data of the data subject is:

Select the appropriate lawfulness category

  • (a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes.

Voluntary or Mandatory Provision of Personal Data

The personal data listed in section "Provision of Personal Data" is provided voluntarily and is provided voluntarily due to the below-listed reasons.

  • Personal information is provided for the purpose of researching and improving healthcare outcomes.

Provision of Personal Data 

Once you consent (or due to the legal basis listed above) to the collection of your personal data through the use of this product we collect the below-listed types of personal data from you the data subject.

Where special categories of data are collected the data subject consents to the collection of such information through accepting the privacy notice.

Special category data includes personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.

  • First name, last name/surname, maiden name
  • Email address
  • Phone number
  • Photo
  • Date of birth
  • IP address
  • Login username
  • Password
  • Special category data - racial or ethnic origin (Warning: by consent or required by law or regulation)
  • Special category data - health data (Warning: by consent or required by law or regulation)
  • Special category data - sex life and sexual orientation (Warning: by consent or required by law or regulation)
  • Home address (street, zip, postal code, city)
  • National Identification Number, (Social) Insurance Number, Social Security Number
  • Passport number, national ID number, driver's licence number
  • Location data
  • Mobile device IDs
  • Employment history, job title
  • Education history

Consequences of failure to provide information

The consequences of failure to provide the personal data listed in section "Provision of Personal Data'' is that you will not be registered as a person within the AitaHealth application. In doing so, you will not participate in any research activities based on the data within the application and you will not benefit from any possible improved healthcare outcomes that may result from registration within the application.

Data Transfer

Personal Data Recipients

The personal data of the data subject will be processed by the below-listed recipients.

  • University of Pretoria, according to agreed study protocols

Personal Data Storage

Data will be stored indefinitely and removed only on request by the subject or the controller.

Automated Decision-Making

The processing activities do not include automated decision-making.

Source of Personal Data

The personal information of the data subject was lawfully obtained from the data subject. No third party sources were involved.

Data Subject Rights

Data subjects have the below-listed rights with regards to the personal data of the data subject.

  • Right of access to information regarding the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations, where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
  • Right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
  • Right to lodge a complaint with a supervisory authority
  • Right to any available information as to their source where the personal data are not collected from the data subject
  • Right to be informed of the existence of automated decision-making, including profiling, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
  • Right to be informed of the appropriate safeguards where personal data are transferred to a third country or to an international organization
  • Right to be provided with a copy of the personal data undergoing processing
  • Right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal
  • Right to object to processing of personal information
  • Right to be informed that and what personal information has been collected when not collected from the data subject
  • Right to be informed that and what personal information has been accessed or acquired by an unauthorized person as well as security compromises

Data Subject Complaints

In the event that you wish to complain about how we have handled your personal data, please contact the Data Protection Officer at or in writing at Suite 173, Private Bag x14, Die Boord, 7613. Our Data Protection Officer will then look into your complaint and work with you to resolve the matter.

If you still feel that your personal data has not been handled appropriately according to the law you can contact the Information Regulator: South Africa (POPIA) or the relevant Supervisory Authority (GDPR) of your region.