1. WHO WE ARE
INVESTMED HEALTH FUND is a credible and trustworthy open health insurance organisation in Zimbabwe, registered in terms of Statutory Instrument (S.I) 330 of 2000 as amended by S.I 35 of 2004 and seeks to provide innovative, efficient and cost-effective health insurance services to the market.
2. WHO THIS PRIVACY NOTICE APPLIES TO
This Privacy Notice applies to all persons (both natural and juristic) that INVESTMED HEALTH FUND collects and process personal information about, including but not limited to website users, Scheme members and their dependants, healthcare service providers, suppliers, service providers, employees, consultants, job candidates and other third parties (“you”).
3. INTRODUCTION
INVESTMED HEALTH FUND is committed to protecting the confidentiality and privacy of the personal information it processes. This Privacy Notice explains how we process and protect your personal information.
In relation to our members and their dependants, the official Scheme Rules of INVESTMED HEALTH FUND will apply if there is any conflict between the Scheme Rules and a provision of this Privacy Notice.
4. PERSONAL INFORMATION
The Data Protection Act [chapter 11:22] of Zimbabwe defines personal information as information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to:
· information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;
· information relating to the education or the medical, financial, criminal or employment history of the person;
· any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;
· the biometric information of the person;
· the personal opinions, views or preferences of the person;
· correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
· the views or opinions of another individual about the person; and
· the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.
5. WHAT PERSONAL INFORMATION WE MAY COLLECT AND PROCESS
While using our website or engaging with us for the provision of any of our services, you may be required to provide us with your personal information. This may happen when, for example, you use our website, complete an application form, contact us (electronically or telephonically) use one of the products, services, facilities, tools or utilities offered by INVESTMED HEALTH FUND on our website or when you contract with us.
In certain instances, you may also be required to provide us with sensitive information that is classified as special personal information. The collection of this information from you, when required, will be necessary in order to provide you with our services.
Given the nature of the services we provide, we are also required to collect and process the personal information of children, for example where the child is a dependant of one of our members.
Some of the personal information that we may collect from you, could include (but is not limited to):
· Identification details such as name, surname, ID/Passport Number;
· Contact details, such as phone numbers, email addresses, physical and postal addresses;
· Personal details, such as names, family information, ages and next of kin details;
· Demographical details, such as race, and age groups;
· Information you (and/or your dependants) use to register on the website or to complete an application form;
· Health information and other special personal information, regarding your medical treatment (historic and current);
· Children’s personal information, in relation to children (under the age of 18) who are dependants under a medical scheme contract or application form;
· Biometric information;
· Financial information, such as banking information and account numbers;
· Credit information;
· Background information;
· In relation to job applicants, qualification information, CV and other personal information that may be requested throughout the recruitment process to assess and consider the job application;
· In relation to healthcare service providers, professional body registration information and practice information, and other information relevant and required for the assessment, verification, processing and payment of claims;
· When visiting our website, “cookies” or anonymised data relating to (where applicable) your location, browser type, browser version, the pages of our website that you visit, the date and time of your visit, the duration of time spent on the website pages and other applicable statistics are recorded by Google Analytics to analyse user behaviour on our website. No personally identifiable information is collected through these cookies at any point. For more information about how our website uses cookies, please refer to our website Terms and Conditions;
· When you use one of our webforms on our website, personal information may be requested and once submitted will be stored in the database of our website.
6. WHO WE COLLECT YOUR PERSONAL INFORMATION FROM
Generally, we collect your personal information directly from you as far as reasonably possible.
In certain circumstances, we may also collect your personal information from other sources, such as (but not limited to) your employer (if you are part of an employer group), your broker, your healthcare service provider, or a member (where the member provides personal information on behalf of his/her dependants). Where you share your personal information with any third party to submit the information on your behalf (for example your broker, employer, healthcare service provider) or for any other reason, we will not be responsible for any loss suffered by you or that third party in relation to how that third party processes your personal information.
Where you are a member or prospective member of INVESTMED HEALTH FUND and you include your dependants on your application, you and the dependants that you have submitted the information on behalf of understand that we will process their personal information to activate their membership with us and to provide the services that you have contracted us to provide. You confirm that you are duly authorised to share such information with us.
Generally, the collection of personal information from you and the other sources referred to above is mandatory in order to achieve the purposes that we are collecting it for (as set out below). We will notify you where the collection of certain personal information is voluntary and not mandatory. The refusal to provide us with the mandatory personal information that we may require may have an impact on our ability to provide you with our products or services.
7. THE PURPOSES THAT WE MAY USE PERSONAL INFORMATION FOR
We may collect, use, share and/or generally process your personal information (including your special personal information, where applicable) for the following purposes:
· To provide you with our products and/or services;
· To conclude or perform a contract with you, or to take any take steps linked to or necessary for the conclusion or performance of a contract with you;
· To process and assess your membership application and you and your dependants’ eligibility for membership, including to verify the accuracy, correctness or completeness of any information provided to us or our appointed Medical Aid Administrator while processing a membership application or providing services related to your membership;
· For the administration of your membership, health plan and benefits;
· To process you and/or your dependants’ instructions or requests;
· To provide, or manage the provision of, managed care services to you (where applicable);
· To communicate relevant personal information to healthcare service providers to enable you or our dependants to access benefits in terms of our Scheme Rules;
· To assess and make payment of claims;
· To comply with all legislative and legal requirements placed on us, which may include, but not be limited to, legislative reporting and document retention periods and where the law requires that information be notified to third parties (such as government institutions);
· Where applicable, for general marketing and communication purposes, where you are an existing member of INVESTMED HEALTH FUND or where we have received your consent to receive these communications. You will be given the opportunity to unsubscribe from any marketing communications, general communications and/or newsletters at any time, and with each communication received;
· To improve our services, meet your needs and manage our relationship with you, for example by asking for your feedback on the services you received from us or through the completion of a customer service satisfaction survey or through research and statistical analyses of aggregated member information;
· To perform general administrative, operational, management and performance functions and activities relating to the operation and running of our business and of our website, and for the purposes of managing our legal and operational affairs;
· To collect contributions and other money owed to us;
· For credit checking or credit reporting purposes (though a credit bureau), in order to assist INVESTMED HEALTH FUND’s decision to provide services to you or to report on any slow or non-payment of your accounts with INVESTMED HEALTH FUND to any third party;
· Where necessary, for any purposes which are in our, your, or a third party’s legitimate interest;
· For any purposes which are required or authorised by law;
· To respond to requests by government, a court of law, or law enforcement authorities investigating;
· For the purposes of underwriting and risk profiling, assessment and management;
· For statistical, analytical, research and historical purposes;
· For reporting to authorised persons and authorities, for example, the Board of Trustees
· Where you are applying for a vacancy, to process your application throughout our recruitment process;
· For the purposes of investigating and reporting suspicious behaviour or fraudulent conduct to appropriate persons and bodies;
· In relation to the use of our website, to identify, investigate and attend to any technical issues, support and user queries;
· For systems testing, maintenance and development;
· To detect, prevent or deal with any actual or alleged fraud, security breach, or the abuse, misuse or unauthorised use of the website and/or contravention of this Privacy Notice;
· For any other lawful purpose which directly relates to your membership, or which is authorised in terms of the law or our Scheme Rules.
We will not use your personal information for commercial purposes. We may however collect, use, share and/or generally process information or data that has been de-identified and/or aggregated, for example, statistical or demographic data, for any purpose.
DISCLOSURE OF YOUR PERSONAL INFORMATION
We value and respect the confidentiality and privacy of the personal information that you entrust us with. We are not in the business of selling your personal information and we will not share or disclose your personal information to anyone except as provided in this Privacy Notice and/or any contracts or terms and conditions of service concluded with us.
By using our website and/or engaging with us for the provision of services, you acknowledge and agree that we may share your personal information (including, where applicable your special personal information) in the following instances:
· If it is necessary in order to provide you with a service that you have requested or contracted us to provide or source on your behalf;
· If it is in your legitimate interest;
· If it is necessary for the proper performance of a public law duty by a public body;
· If it is required or authorised by law;
· If you have provided us with your consent;
· With our contracted Medical Aid Administrator, for the purposes of managing and administering your membership and benefits with the Fund, and for the processing of your claims with us;
· With our employees, who may require that information to perform their functions and duties;
· With your healthcare service providers to enable you or your dependants to access benefits in terms of our Fund Rules;
· With your broker, should your broker request personal information about you and your dependants. In these instances, we will only provide information that enables the relevant broker to provide you with sound advice, such as your option type and your contact details. We will not share any information about you or your dependants’ medical conditions with the relevant broker unless you and/or your dependants have given express permission to do so;
· Where you are a dependant, with the principal member, to ensure the efficient administration of your membership and benefits. This will include your health information, where relevant;
· Where you and your dependants are a member of an employer group, membership information may be shared with the employer. This will be limited to information that is relevant to you and/or your dependants’ application or information that is required for the ongoing servicing of your membership, but will not include any health information unless you and/or your dependants have given us permission to do so;
· With our contracted service providers (including our suppliers, subcontractors, partners, agents, auditors, insurance and risk advisors and our professional advisors), in order to provide you with our services, for reporting purposes or generally as required for the administration and management of our business. In these instances, we will ensure that the necessary security safeguards and confidentiality undertakings are in place to secure your personal information. We will only allow third parties to process your personal information for a specific purpose, in accordance with our instructions and in accordance with the requirements of applicable data privacy laws;
· With credit rating agencies, including personal information about any judgment or default history, should there be any default on payment to us;
· With regulators and government authorities in connection with our compliance procedures and legal obligations;
· With a purchaser or prospective purchaser of all or part of our assets or our business or the shares/interest in our Scheme, and their professional advisers, in connection with the purchase;
· With a third party, in order to enforce or defend our rights, or to address financial or reputational risks.
9. SECURING YOUR PERSONAL INFORMATION
Securing the personal information, you give us, or that we receive about you, is a priority for INVESTMED HEALTH FUND.
We take appropriate and reasonable technical and organisational security measures to protect the personal information that we process from destruction and unauthorised access.
10. HOW LONG WE RETAIN PERSONAL INFORMATION FOR
We will not retain your personal information longer than necessary. We will retain the personal information you provide to us or that we receive about you for as long as is needed to achieve the purpose that it was collected for, or for an extended period of time, even after the personal information is no longer needed to achieve the purpose that it was collected for, if the retention of your personal information records is:
· required by law or any code of conduct;
· required to meet regulatory requirements;
· needed for evidentiary purposes, to resolve disputes, to prevent or investigate fraud and abuse, or to enforce any contract concluded with you;
· reasonably required for lawful purposes that are related to INVESTMED HEALTH FUND’s function, operations or activities;
· determined necessary in accordance with our internal document retention and destruction policies;
· required for historical, research or statistical purposes. In these circumstances, we will take measures to de-identify this personal information as far as reasonably possible.
Where applicable, personal information that has been included in our customer database and that is used for marketing and communication purposes will be retained by us. When you request to unsubscribe from these communications, your contact information contained in our customer communication database will be placed into an unsubscribe list, to enable us to manage and honour your unsubscribe request. Should you require us to delete your information completely from our customer communication database, you understand that we will no longer be able to manage your unsubscribe request (as we will no longer have a record of your unsubscribe request available in our database).
11. DIRECT MARKETING
Any direct marketing done by INVESTMED HEALTH FUND will be done in compliance with the provisions of the Data Protection Act [chapter 11:22] of Zimbabwe. You will be given the opportunity to unsubscribe from any marketing communications, general communications and/or newsletters at any time, and with each communication received.
To ensure that we maintain the quality of our service offering, and to improve our services, meet your needs and manage our relationship with you we may ask members and their dependants to complete a customer service satisfaction survey or other surveys relevant to our services.
12. STORAGE AND TRANSFER OF YOUR PERSONAL INFORMATION
Given the nature of our business, we may store both hard copy and electronic records containing personal information.
Hard copy personal information records may be stored at our facilities or premises, or when archived, at a third-party document retention service provider for the duration of the applicable document retention period. We will take reasonable and appropriate measures to ensure that hard copy personal information records stored or retained by third-party service providers is done in compliance with the Data Protection Act [chapter 11:22] of Zimbabwe.
Electronic personal information records may be stored on INVESTMED HEALTH FUND’s servers and/or on third-party servers, including servers used for cloud-based software and applications used by INVESTMED HEALTH FUND for the purposes of providing you with our products and/or services and for the administration and management of our business.
While INVESTMED HEALTH FUND endeavours, as far as reasonably possible, to store your personal information locally in Zimbabwe, we may be required to transfer to and/or store your personal information on servers located outside of Zimbabwe. INVESTMED HEALTH FUND may also have third-party service providers that are located outside of Zimbabwe, which may result in your personal information being transferred and processed outside of Zimbabwe. Given the nature of INVESTMED HEALTH FUND’s business, some of this personal information may be health information or other categories of special personal information, and some of this information may include the personal information of children.
INVESTMED HEALTH FUND will take reasonable and appropriate measures to ensure that any personal information, special personal information or children’s information that is transferred outside of the borders of Zimbabwe is transferred in compliance with the requirements of the Data Protection Act [chapter 11:22] of Zimbabwe and that an adequate level of privacy protection is in place between us and these third-party service providers.
13. PROCESSING OF SPECIAL PERSONAL INFORMATION AND CHILDREN’S PERSONAL INFORMATION
Due to the nature of INVESTMED HEALTH FUND’s business as a Medical Aid, it is required to collect and process special personal information and children’s personal information in order to manage and administer your membership, health plan and benefits, assess and process claims and for the other purposes as set out in paragraph 7 of this Privacy Notice (The purposes that we may use personal information for).
All special personal information and children’s personal information collected and processed by INVESTMED HEALTH FUND will be done in compliance with the provisions of the Data Protection Act [chapter 11:22] of Zimbabwe.
14. WHAT ARE YOUR PRIVACY RIGHTS?
As a data subject, the Data Protection Act [chapter 11:22] of Zimbabwe provides you with a number of rights in relation to how your personal information is used and processed. In terms of the Data Protection Act [chapter 11:22] of Zimbabwe, you are entitled, in the prescribed manner and form, to:
· request a copy of the personal information that we hold about you (subject to and in accordance with the provisions of the Act);
· update the personal information you have given to us, in the event that the personal information is inaccurate or outdated;
· request the correction, destruction or deletion of personal information we hold about you (where legally permissible and subject to our right not to correct or delete the personal information record in certain circumstances);
· object to your personal information being processed by us (on reasonable and lawful grounds), in instances where you have a legitimate reason to believe that we are not processing your personal information in accordance with the provisions of the Data Protection Act [chapter 11:22] of Zimbabwe, and provided that we are not required to process your personal information by law; and to
· object to any processing of your personal information for the purpose of direct marketing by electronic communication, in the prescribed manner and form, or to unsubscribe from receiving any marketing or communication emails received from us by clicking the “unsubscribe” link at the bottom of any email.
We will make commercially reasonable efforts to provide you with reasonable access to any of your personal or other account information that we process and/or retain. In certain circumstances, such as when we are required to retain or withhold the disclosure of certain personal information by law, we may not be able to provide you with access to all your personal information or we may not be able to change, rectify or delete your personal information at your request. In these circumstances, we will provide you with reasons as to why your request cannot be complied with.
Members can update or correct any of the personal information held by us by contacting us either by email or phoning our Client Services Department. A copy of you and/or your dependants’ personal information held by the Fund can also be requested by contacting our Client Services Department.
15. COMPLAINTS
If you have a complaint about how we are processing your personal information, or if you wish to object to us processing your personal information or request the correction, deletion or destruction of any of the personal information records we hold about you please contact our Information Officer at info@www.investmedhealth.co.zw, in the first instance, so that we can resolve the complaint or attend to your request.
16. CHANGES TO THIS PRIVACY NOTICE
Changes may need to be made to this Privacy Notice, from time to time. We will endeavour to only make changes to this Privacy Notice where they are material, necessary and/or required as a result of legislative or regulatory changes or guidance, or any code of conduct published that may be relevant to the industry in which our business operates.
Any changes made to this Privacy Notice will be posted through an updated Privacy Notice that is loaded onto this website page. Please check this page to keep informed of any updated or revised Privacy Notice that may be posted.
17. LAWS APPLICABLE TO THIS PRIVACY NOTICE
This Privacy Notice is governed by the laws of the Republic of Zimbabwe, and you hereby consent to the jurisdiction of the Zimbabwean courts in respect of any dispute which may arise out of or in connection with the formation, interpretation, substance or application of this Privacy Notice.