Privacy

Terms & Conditions and Practice Privacy Policy

Terms and Conditions of Website Use 

Updated: January 2023

This website is owned and operated by Dr. SM Cornish Inc. (“the practice”).

At Dr. SM Cornish inc. (“us”,”we” or the “Company”) we value your privacy and the importance of safeguarding your data. This Privacy Policy (“Privacy Policy”) describes our privacy practices for the activities set out below. As per your rights, we inform you how we collect, store, access and otherwise process information relating to individuals. In this Policy, “Personal Data” refers to any information that on its own, or in combination with other available information, can distinguish an individual.

The following terms and conditions govern the use of this website and by accessing this website, you consent and agree to the following terms and conditions.

Scope

This policy applies to the Dr. SM Cornish inc. websites and domains.

This policy does not apply to third-party applications, websites, products, services or platforms that may be accessed through (non Dr. SM Cornish inc.) links that we may provide to you. These sites are owned and operate independently from us, and they have their own separate privacy and data collection practices. Any personal data that you provide to these websites will be governed by the third-party’s own privacy policy. We cannot accept liability for the actions or policies of these independent sites, and we are not responsible for the content or privacy practices of such sites.

1. Purpose of this Website

1.1 The purpose of this website is to provide existing and potential patients with a platform to access information regarding the practice and insight into the scope of services rendered. 

1.2 The website also provides users with the practice’s contact information to facilitate in the process of making an appointment; this includes access to LogBox, a third-party platform. In addition, for the interest of users – articles are periodically published that pertain to urological interests and conditions relevant to that of the medical speciality.

2. Conditions of Access and Use

2.1. Terms and conditions of access to this website, which on occasion is amended, constitute a binding agreement between you (the “user”) and the practice. 

2.2. These terms and conditions will govern our respective rights and obligations each time you access the website. In addition, you are expected to have read and agreed to these terms and conditions each time you access this website. 

2.3. In the event that you do not agree with any of the provisions of this agreement and do not wish to be bound by these terms and conditions, you access to and use of this website should be terminated immediately. 

2.4. Access to the website may be limited or completely restricted due to routine maintenance or unforeseen necessary repairs.

3. Third Party Links

3.1. This website may contain links to other websites belonging to or operated by third parties (“third part websites”) and advertising, with illustrations and/or text. 

3.2. By making hyperlinks and advertisements available, we do not endorse such third party websites, their content, products or services they offer or the owners of such third party websites or the products or services being advertised and endorsed, nor do we give any warranty in regard to the content, accuracy, suitability or fitness for purpose of any material, information or data contained in or linked to any advertisement on the website. 

3.3. Since the practice has no control over the content or security of third party websites, we will not be liable for any loss or damage you may unfortunately incur, whether directly or indirectly as a result of your use of third party websites or the products and/or services advertised. 

3.4. You agree that where you access any third party websites or make use of products and/or services advertised on the website, you do so entirely at your own risk.

4. Information Protection

4.1. Information gathered and stored by the server is merely for analytical purposes and cannot be used to identify you as a natural person. 

4.2. The practice takes all reasonable steps to protect the contents of the website and the information provided by and collected from users, from unauthorized access, dissemination and/or disclosure. However, no warranties or representations can be made that the content herein is 100% safe or valid at all times.

Personal Data we Collect

Data You Provide
When you submit a query form, we collect data as part of the query information.
This data includes:

  • Personal information being; name, surname, email address and contact number
  • Relevant medical information to your query submitted at your discretion

If you provide us, or our service providers, with any Personal Data relating to other individuals, you represent that you have the authority to do so and acknowledge that it will be used in accordance with the Privacy Statement. If you believe that your Personal Data has been provided to us improperly, or to otherwise exercise your rights relating to your Personal Data, please contact us by using the information provided under the Contact Us section of the website.

Device and Usage Data
When you visit Dr. SM Cornish inc. website/webpage, we automatically collect and store information about your visit using browser cookies (files which are sent by us to your computer), or similar technology. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. The Help Feature on most browsers will provide information on how to accept cookies, disable cookies or to notify you when receiving a new cookie. If you do not accept cookies, you may not be able to use some features of our service and we recommend that you leave them turned on.

Data we Collect from Third Parties
We may receive your personal data from third parties such as companies subscribing to Dr. SM Cornish inc. services, partners and other sources. This information is not collected by us but by a third party and is subject to the relevant third party’s own separate privacy and data collection policies. We do not have any control or input on how your personal data is handled by third parties. As always, you have the right to review and rectify this information. If you have any questions you should first contact the relevant third party for further information about your personal data. Where that third party is unresponsive to your rights, you may contact the Data Protection Officer at Dr. SM Cornish inc. and we can attempt to assist you.

Our websites and services may contain links to other websites, applications and services maintained by third parties. The information practices of such other services, or of social media networks that host our branded social media pages, are governed by this parties privacy statements, which you should review to better understand those third parties privacy practices.

Purpose and Legal Basis for the Processing of Personal Data
We collect and use personal data about you with your consent to provide, maintain and develop our products and services and understand how to improve them.

Where we process your personal data to provide a product or service, we do so because it is necessary to perform contractual obligation. All of the above processing is necessary in our legitimate interests to provide products and services and to maintain our relationship with you and to protect our business for example, against fraud. Consent will be required to initiate services with you. New consent will be required if any changes are made to the type of data collected. Within our contract, if you fail to provide consent, some services may not be available to you.

Sharing and Disclosure
We will share your personal data with third parties only in the ways set out in this Policy or set out at the point when the personal data is collected.

We also use Google Analytics to help us understand how our customers use and interact with the site. You can read more about how Google uses your Personal Information here:
https://www.google.com/intl/en/policies/privacy/

You can also opt-out of Google Analytics here:
https://tools.google.com/dlpage/gaoptout

We may also use your Personal Information to provide you with targeted marketing via advertisements or communications (such as newsletters).

For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at:
http://www.networkadvertising.org/understanding-online-advertising/how-does-it-work

Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at:
http://optout.aboutads.info/

Legal Requirement
We may use or disclose your personal data in order to comply with a legal obligation, in connection with a request from a public or government authority, or in connection with court or tribunal proceedings, to prevent loss of life or injury, or to protect our rights or property. Where possible and practical to do so, we will tell you in advance of such disclosure.

Service Providers and Other Third Parties
We may use a third party service provider, independent contractors, agencies or consultants to deliver and help us improve our products and services. Service providers may be within or located outside the EEA. We may share your personal data with marketing agencies, database service providers, backup and disaster recovery service providers, email service providers and others but only to maintain and improve our products and services. For further information on the recipients of your Personal Data, please contact us by using the information provided in the Contact Us section of the website.

Your Rights to Your Personal Data
Depending on your geographical location and citizenship, your rights are subject to local privacy regulations.
These rights may include:

  • Right to Access (PIPEDA, GDPR Article 15, CCPA, LGPD)
    You have the right to request a copy of the personal data we are processing about you.
  • Right to Rectification (PIPEDA, GDPR Article 16, LGPD)
    You have the right to have incomplete or inaccurate personal data that we process about you rectified.
  • Right to be Forgotten (Right to erasure)(GDPR Article 17, CCPA, LGPD)
    You have the right to request that we delete personal data that we process about you, except we are not obliged to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims.
  • Right to Portability (PIPEDA, GDPR Article 20, LGPD)
    You have the right to obtain personal data we hold about you, in a structured electronic format, and to transmit such data to another data controller, where this is (a) personal data which you have provided to us, and (b) if we are processing that data on the basis of your consent or to perform a contract with you or the third party that subscribes to Dr. SM Cornish inc. services.
  • Right to Objection (GDPR Article 21, LGPD)
    Where the legal justification for our processing of your personal data is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for processing which override your interest and rights, or if we need to continue to process the data for the establishment, exercise or defence of legal claims.
  • Right Not to be Discriminated (CCPA)
    You have the right to not be denied service or have an altered experience based on having executed any of your CCPA rights.

Withdrawing Consent
If you have consented to our processing of your personal data, you have the right to withdraw your consent at any time, free of charge, such as where you wish to unsubscribe from marketing messages that you receive from us. If you wish to withdraw your consent, please contact us using the information found on the Contact Us page.

How to Exercise Your Rights
You can make a request to exercise one of these rights in relation to your personal data by sending the request to our office, using the contact details on the Contact Us page of the website.
For your own privacy and security, at our discretion, we may require you to prove your identity before providing the requested information.

5. Intellectual Property

5.1. By consenting to the use of this website, you acknowledge and agree that content found herein is the property of Dr. SM Cornish Inc. 

5.2. All content made available by this website is the intellectual property of the practice, unless otherwise stipulated. Images, research and articles of interest are compiled using sources with the appropriate accreditation and citation. 

5.3. This website features content related to medicine and medical developments, practices and procedures. Such content is intended to provide general information and guidance only, and should not be regarded as a substitute for seeking medical advice in relation to particular circumstances.

6. Website Analytics and Cookies

What are Cookies?
A cookie is a small file with information that your browser stores on your device. Information in this file is typically shared with the owner of the site in addition to the potential partners and third parties to that business. The collection of this information may be used in the function of the site and/or to improve your experience.

How we use Cookies
To give you the best experience possible, we use the following types of cookies:

  • Strictly necessary – As a web application, we require certain necessary cookies to run our service
  • Preference
    • We use preference cookies to help us remember how you like to use our service.
    • Some cookies are used to personalise content and present you with a tailored experience. For example, location could be used to give you services and offers in your area.
  • Analytics
    • We collect analytics about the types of people who visit our site to improve our service and product.
  • Marketing
    • We share cookies with third party advertisers and/or partners to help provide you with a personalised marketing experience.

6.1. Please take the time to read the following cookie policy in order to make an informed decision as to whether you accept the use of website cookies. 

6.2. What are cookies? Cookies are simple text files that are stored on your computer or mobile device by a website’s server. Each cookie is unique to your web browser. It will contain some anonymous information such as a unique identifier’s, website’s domain name, and some digits and numbers. 

6.3. Types of cookies used by this website are necessary cookies and analytical cookies. 

6.3.1. Necessary cookies allow us to offer you the best possible user experience when accessing and traversing the website and using its features. For example, these cookies recognise which pages of the website you’ve been to or if you’re a first-time visitor. Necessary cookies include first-party cookies. The following is a list of the type of data first-party cookies collect: 

6.3.1.1. Date and time of access 

6.3.1.2. Browser type and operating system 

6.3.1.3. Referring page (if any) 

6.3.1.4. Links that could’ve connected you to the website 

6.3.1.5. IP address 

6.3.2. Analytical cookies enable us and certain third-party services to collect aggregated data for statistical purposes on how visitors use the website. These cookies do not contain personal information such as names and email addresses and are used to help us improve your user experience of the website. Analytical cookies are similar to that of first-party cookies. 

6.4. How to delete cookies – As is your prerogative, if you want to block or delete cookies that are set by our website or that of any other, you can do so through your browser settings. Alternatively, visit http://www.internetcookies.org, which contains comprehensive information on how to do so across a multitude of devices and browsers. 

6.4.1. Retention & Deletion – We will only retain your personal data for as long as necessary for the purpose of which that data was collected and to the extent required by applicable law. When we no longer need personal data, we will remove it from our systems and/or take steps to anonymise it.

6.4.2. Children’s Privacy – We will not knowingly collect personal data from children under the age of 16 years.

6.5. Please feel free to contact the practice or information officer, should you have any concerns or problems with this cookie policy.

7. Breach Disclaimers and Limitations of Liability

7.1. Although all precautions have been taken to ensure that the content on the website is accurate and that you suffer no loss or damage as a result of your use of this website. This website and the online services are provided “as is”. 

7.2. Use of this website and online services is entirely at your own risk. You assume full responsibility for the risk or loss resulting from your use of this website and your reliance on the material and information contained on it. 

7.3. Save for any liabilities that cannot be restricted by law, the practice and its employees are not liable for any damages or expenses whatsoever relating to your use of this website or the use of linked pages or the information contained on this website or your inability to use or access this website or system failure or computer virus. 

7.4. This includes, without limitation, any direct, indirect, special, incidental, consequential, loss of profit, punitive damages or expenses, whether arising out of contract, statute, delict, law or otherwise and regardless of whether we were expressly advised of the possibility of such loss or damage. 

7.5. Without detracting from the generality of the aforementioned points, we will not be liable for: 

7.5.1. Any interruption, malfunction, downtime or other failure of the website or online services, our systems, databases or any of its components, for whatever reason; 

7.5.2. Any loss or damage with regard to patient data or other data directly or indirectly caused by malfunction of our system, third party systems, power failures, unlawful access to or theft of data, computer viruses or destructive code on our systems; programming defects or negligence on our part.

8. Termination of Access

8.1. You agree that the practice, in its sole discretion, at any time, for any reason or no reason, terminate your access to this website and any account(s) you may have in connection with this site.

9. Jurisdiction

9.1. By using this website, you agree that the use is at your own risk. 

9.2. The privacy policy and terms and conditions are governed by the laws of the Republic of South Africa (RSA), and you consent to the jurisdiction of the South African courts in respect of any dispute which may arise out of or in connection with the formation, interpretation, substance or application of this privacy policy.

10. Amendments to Website and Terms and Conditions

We may modify this Policy at any time. If we make changes to this Policy then we will post an updated version of this policy on this website. When using our service, you will be asked to review and accept our Privacy Policy. In this manner, we may record your acceptance and notify you of any future changes to this policy.

10.1. Dr SM Cornish Inc. may amend the terms and conditions as well as the privacy policy at any time. In such an event you will be notified of any material changes within an appropriate amount of time. Prior to any future changes, it would be within your best interests to familiarise yourself with our privacy policy. 

10.2. The practice may modify, suspend or discontinue the website whether it be temporarily or permanently, without notice.

Complaints
If you have a complaint about this policy or any element of your personal information that we hold then please contact the practice. If you are not satisfied, then you have the right to lodge a complaint with the local data protection authority.

Practice Privacy Policy 

Updated: June 2021

In accordance with the Protection of Personal Information (POPI) Act (2013), Dr SM Cornish Inc. takes every neccessary precaution when it comes to safely; collecting, storing and accessing your personal information.

Definitions

As stipulated by the Protection of Personal Information (POPI) Act (2013) 

Updated: July 2022 

“Consent”: means any voluntary, specific and informed expression of will in terms of which permission is given for the processing of personal information;

“De-identified” in relation to personal information of a data subject, means to delete any information that –

(a) Identifies the data-subject 

(b) Can be used or manipulated by a reasonably foreseeable method to identify the data subject; or 

(c) Can be linked by a reasonably foreseeable method to other information that identifies the data-subject

“Filing System”: means any structured set of personal information, whether centralised, decentralised, or dispersed on a functional or geographical basis, which is accessible according to a specific criteria;

“Personal Information”: means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to –

(a) information relating to the race, gender, sex, pregnancy, marital status, national, ethinic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person; 

(b) information relating to the education or the medical, financial, criminal or unemployment history of the person; 

(c) any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person; 

(d) the biometric information of the person; 

(e) the personal opinions, views or preferences of the person; 

(f) correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence; 

(g) the views or opinions of another individual about the person; and 

(h) the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.

“Private body”: means –

(a) a natural person who carries or has carried on any trade, business or profession, but only in such capacity; 

(b) a partnership which carries or has carried on any trade, business or profession; or 

(c) any former or existing juristic person, but excludes a public body.

“Processing”: means any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including –

(a) the colletion, receipt, recording, organisation, collation, storage, updating or modifocation, retrieval;, alteration, consultation or use; 

(b) dissemination by means of transmission, distribution or making available in any other form; or 

(c) merging, linking, as well as degradation, erasure or destruction of information;

This notice explains how we obtain, use and disclose your personal information in accordance with the requirements of the Protection of Personal Information Act (“POPIA”), 2013. 

At Dr. SM Cornish Inc. (“the practice”) we are committed to ensuring that your personal information is collected and used properly, lawfully and transparently.

1. Introduction

1.1 Welcome to Dr. SM Cornish Inc. a specialist urologist private practice. 

1.2 This privacy policy serves to inform existing and prospective patients on how personal information (which encompasses medical information) is collected, used and stored within the practice. 

1.3 For the purposes of this privacy policy, Personal information will be understood in accordance with the definition provided in the Protection of Personal Information Act 4 of 2013 (“the Act”) and in accordance with definition of Personal Data in Article 4(1) of the General Data Protection Regulation (GDPR). 

1.4 By adhering to this privacy policy, it is the practice’s goal to uphold legitimate business interests as well as the patient’s reasonable expectation of and right to privacy. Therefore, all reasonable and appropriate steps will be taken in order to prevent unauthorised access to, or disclosure of your personal information/data. 

1.5 This privacy policy includes your consent as mentioned in Section 69 of the POPIA and/or Article 7 of the GDPR. 

1.6 The registered information officer for the practice is Samantha Cornish.

2. The Information we Collect

2.1 We collect and process your personal information mainly to; contact you, for the purposes of understanding your requirements and in order to deliver the correct services and treatment accordingly. 

2.2 We collect information directly from you where you provide us with your personal information and details. Where possible, we will inform you as to what information you are required to provide and what information may be optional. 

2.3 Website usage information may be collected using “cookies” which allows us to collect standard internet visitor usage information. 

2.4 All information collected will be treated and remain in a secure environment in terms of the POPIA prescriptions and will be used for the sole purposes described herein and which purposes are allowed in the POPIA such as historical, research and statistical purposes and to ensure that service delivery to you as the owner of the personal information is enhanced. 

2.5 As a patient, one will be expected to provide the following details: 

2.5.1 Full name and surname 

2.5.2 Postal and physical address 

2.5.3 Contact details (telephone, cell phone and email) 

2.5.4 Identification/passport number 

2.5.5 Date of birth 

2.5.6 Medical aid provider, plan and membership number 

2.5.7 Marital status 

2.5.8 Medical information: medical conditions and history, current medication, allergies, (certain) lifestyle choices, adverse events, family history and risk factors. 

2.5.9 Next of kin details 

2.6 Information is collected in the following ways: 

2.6.1 Patients are able to use the platform LogBox to securely update and submit their personal information/data online. 

2.6.2 During the initial consultation, new patients are required to provide their personal information/data in order to create a new patient profile. This entails filling in details on a physical file as well as answering general medical questionnaires pertinent to your reason for requiring treatment. 

2.6.3 Referring doctors may provide the practice with your personal information/data as well as medical reports if necessary.

3. How we use Your Information

3.1 Your personal information will only be used for the purpose of its collection and within the parameters of your consent. In addition, as stipulated in (2.4), where necessary your information may be retained for legal and historical, research and statistical purposes. 

3.2 The information we collect is processed and primarily used for: 

3.2.1 Contacting you as the patient or your next of kin 

3.2.2 To facilitate in providing you with treatment 

3.2.3 Settling accounts and submitting claims to your medical aid 

3.3 Personal information/data gathered is used to submit to your medical aid as well as in the process of attaining authorisation for medical treatment. 

3.4 De-identified information may be used for research and teaching purposes.

4. How is Your Personal Information Stored and Protected

4.1 Your personal and medical information is stored in the following ways: 

4.1.1 Physical paper files (stored in secure, locked facilities) 

4.1.2 Electronically (the practice utilises two secure, POPIA complaint platforms called VeriClaim and LogBox (Pty) Ltd, to store your personal information digitally) 

4.1.3 Visual records (e.g. x-rays, CT/MRI scans and images; which are stored electronically or on physical CD’s) 

4.2 Your information is integral to the practice, and we value the personal information/data that you as the patient disclose to us. The practice will take all necessary, appropriate, technical and organisational steps in order to protect your personal information/data from the following: 

4.2.1 Loss 

4.2.2 Misuse 

4.2.3 Unauthorised access 

4.2.4 Unauthorised alteration 

4.3 The practice stores patient personal information/data in databases with built in safeguards to maintain the privacy and confidentiality of your personal information/data. 

4.4 Should you have any queries or concerns regarding how your personal information/data is stored and protected, please submit a written message to our information officer.

5. Patient Consent

5.1 The practice and its staff will only interpret and apply a patients consent for the initial purpose it was provided for.

6. Disclosure of Personal Information

6.1 The practice will require your consent in order to disclose your personal information to third parties/affiliates, unless there is a circumstantial or legally justifiable reason for doing so without your consent. 

6.2 Circumstances in which personal information may be disclosed: 

6.2.1 With the express consent from the patient. 

6.2.2 With the written consent of a parent or guardian in the case of a minor. 

6.2.3 In the case of a deceased patient, written consent from the next of kin or executor of the deceased’s estate. 

6.2.4 At the instruction of the courts. 

6.2.5 In terms of Statutory provision. 

6.2.6 In the case of a medical emergency.

7. Information Security

7.1 The practice is legally obliged to provide adequate protection for the personal information you disclose and prevent unauthorised access and use of such information. The practice will continue to review our security controls and related processes to ensure that your personal information remains secure. 

7.2 The practices security policies and procedures cover: 

7.2.1 Physical security 

7.2.2 Computer and network security 

7.2.3 Access to personal information 

7.2.4 Secure communications 

7.2.5 Security in contracting out activities and functions 

7.2.6 Retention and disposal of information 

7.2.7 Acceptable and appropriate usage of personal information 

7.2.8 Governance and regulatory issues 

7.2.9 Monitoring access and usage of private information 

7.2.10 Investigating and reacting to security incidents 

7.3 When we contract with third parties, the practice imposes appropriate security, privacy and confidentiality obligations on them to ensure that personal information that we remain responsible for, is kept secure. 

7.4 We will ensure that anyone to whom we distribute your personal information agrees to treat your personal information with the same level of protection as we are obliged to. 

7.5 The practice cannot be held liable in the event of improper dissemination, disclosure or misuse of your personal information by third parties.

8. Third Parties and Associates

8.1 Dr SM Cornish Inc. is affiliated with third-party service providers as well as associate Doctors, specialists and surgeons. In the event that you require the services of an affiliate and registering as a patient and accepting treatment, you are consenting to the disclosure of your personal information to the relevant associate parties. 

8.2 The practice has contractual agreements with the following third parties: 

8.2.1 VeriClaim, by MediCharge: http://www.medicharge.co.za 

8.2.2 LogBox (Pty) Ltd.: http://www.logbox.co.za 

8.2.3 Medtronic South Africa : http://www.medtronic.com 

8.2.4 Astellas Pharma Inc.: http://www.astellas.com

9. Your Rights: Amending and Accessing Your Personal Information

9.1 As a patient of the practice, you have an obligation to keep your details up to date. In order to access and/or amend your personal information/data, contact the practice telephonically or submit a request via email. 

9.2 For the practice to safely and securely provide you with your personal information, you will be required to provide a valid form of identification as well as complete an information release request form. 

9.3 In the event that the personal information/data is that of a minor or natural person in care, the request and consent must be provided by a; parent, legal guardian, designated caregiver or the next of kin. 

9.4 The same process applies when requesting to have personal information/data distributed to other healthcare providers. 

9.5 Please note, certain requests may be subject to a payment of a legally allowable fee.

10. Privacy Complaints

10.1 Dr. SM Cornish Inc. takes your right to privacy as seriously as you should. The practice staff understand the sensitive nature of personal and medical information. Should you have complaints or queries, we request that you make a submission in writing to the practice or the information regulator.

11. Practice Obligations

11.1 The practice will: 

11.1.1 Provide a copy of the privacy policy upon request 

11.1.2 Ensure staff comply with the POPIA and deal appropriately with inquiries and concerns 

11.1.3 Collect personal information for the primary purpose of managing a patient’s healthcare and for financial claims and statements