STATMed Privacy Policy

Last updated: December 2025

1. Introduction

STATMed Pathology (Drs Hudson & Swart Inc.) ("STATMed", "we", "our") is committed to protecting the privacy, confidentiality and security of personal information that we process in providing blood testing and related pathology services.

This Privacy Policy explains how we collect, use, store, share and protect personal information, including health information, in accordance with the Promotion of Access to Information Act 2 of 2000 (PAIA), the Protection of Personal Information Act 4 of 2013 (POPIA), and good practice for medical laboratories aligned with ISO 15189 requirements.

2. Scope of this Privacy Policy

This policy applies to all personal information processed by STATMed in connection with:

3. What information we collect

As a blood testing laboratory, we collect and process the following categories of personal and special personal information:

4. How we collect information

We collect personal information directly and indirectly, for example:

5. Why we process personal information

We process personal information only for lawful purposes related to the operation of a medical laboratory. These include:

6. Legal basis for processing

Depending on the context, we rely on one or more of the following legal grounds to process personal information:

7. Sharing of information

We do not sell personal information. We share information only where necessary and appropriate, for example with:

8. Cross-border transfers

Some of our technology services (for example, secure email, cloud hosting or backup services) may be provided from outside South Africa. Where personal information is transferred across borders, we take reasonable steps to ensure that the recipient is subject to legally binding obligations to provide a level of protection that is substantially similar to that required under POPIA.

9. Information security

STATMed maintains technical and organisational measures designed to protect the confidentiality, integrity and availability of personal information, consistent with POPIA and ISO 15189 principles. These include:

10. Retention of records

STATMed keeps personal and laboratory records only for as long as necessary to fulfil the purposes set out in this policy and to meet legal, regulatory and professional requirements. In particular:

Once no longer required, records are securely destroyed or de-identified in line with our retention schedules.

11. Your rights

Under POPIA and PAIA, and subject to certain limitations, you have the right to:

Requests to exercise these rights may be made using our contact details below. In some cases, we may require additional information to verify your identity or authority before acting on a request.

12. Children and incapable patients

Where tests relate to children or patients who are not legally able to provide informed consent, we will obtain information and manage access to results through a parent, guardian, curator or other legally authorised representative, in accordance with applicable laws.

13. Complaints

If you have concerns about how we process your personal information, please contact us first so we can attempt to resolve the issue.

You also have the right to lodge a complaint with the Information Regulator of South Africa if you believe that we have not complied with POPIA or PAIA in our handling of your personal information.

14. Contact details

For privacy-related queries, requests or complaints, please contact:

15. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal or regulatory developments, or best practice for medical laboratories. The most recent version will be made available on our website or on request.