Privacy Notice
Masoom Training Solutions; Pty Ltd 2011/000057/07 +27 11 807 2813 Email info@masoom.co.za www.masoom.co.za 21 Woodlands Drive, CountryClub Estate, Woodmead, 2128. BBBEE Level 1 certified |
V5_updated 01 June 2023 |
PRIVACY STATEMENT
Purpose
Masoom Training Solutions, hereafter referred to as MTS, recognises that the personal information it receives is held in a position of trust. MTS seeks to fulfil that trust by adhering to general principles regarding the protection of personal information. The purpose of this Privacy Statement is to provide a summary of how MTS collect, use, share and otherwise process personal information, in a manner that is compliant, ethical, adheres to industry best practice and applicable protection of personal information legislation as enacted from time to time.
Scope
This Privacy Statement applies to all the personal information that MTS collects. However, some MTS collections involve types of data with special requirements (for example, health information) which require a different privacy notice. Whenever that is the case, MTS will make it clear that the privacy notice concerned is different from this Privacy Statement.
Definitions
- Supplier Companies, hereafter referred to as Clients: Supplier Companies are suppliers of medical products to the healthcare industry and include pharmaceutical, IVD and medical device companies
- Company Representatives (CR), hereafter referred to as CRs: Company Representatives are employees of supplier companies and require access into healthcare facilities to sell, educate, support or maintain medical products.
- Client Point of Contact (POC), hereafter referred to as Client POC: The Client POC is the employee assigned by the supplier company to be the primary contact person for MTS
- Learner: refers to any person enrolled into one or more MTS training programmes
Information collection
MTS may ask you to provide personal information for the following purposes :
- Whenever you complete an application form or contact us electronically
- When consumers interact with us, such as when visiting our websites, in-app contact feature, using or purchasing our products or services, contacting customer service and when interacting with us as a business customer, supplier or business partner
- Registering on our platforms for consideration to be enrolled into a MTS training programme or enrolling into one or more training programmes offered by MTS
- When you provide your resume or CV, including work history, professional qualifications, publications, awards, references, completed trainings, and signature
- When CRs scan the Digital CRICE Access Card when entering and exiting healthcare facilities.
- Maintaining an Electronic Visit Log to document presence of company representatives in healthcare facilities.
- Participating in MTS online communities, including social media platforms
- Resolving client technical, product and/or service related issues
Personal information collected may include:
- Client POC information: name, ID number, email address, contact number
- CR Information: name, ID number, email address, confirmation of Hep B vaccination status or exemption, contact number
- Observer: professional registration, name
- Hospital Point of Contact (HPOC): email address, contact number
- Learner: name, ID, email, contact numbers, qualifications, certification, work experience, education, publications, awards, references qualifications, publications, awards, references, completed trainings, and signature
We value the information that you choose to provide us with and will therefore take reasonable steps to protect above personal information from loss, misuse or unauthorised alteration.
CRICE Applications
MTS has developed CRICE desktop and mobile applications in compliance with the Consumer Protections Act of South Africa. Technical features have been designed to maintain confidentiality and respect consenting (example, the client has a secure portal to enrol their own staff, use of pop-up messages requiring real time permission, etc)
- MTS sells CRICE to supplier companies, hereafter referred to as Clients. Clients contact MTS for registration and assign a dedicated point of contact. MTS obtains the Name, email address and Identity Number of the Client POC.
- The Client POC is given access to a portal to enrol their employees, hereafter referred to as Company Representatives (CR). MTS do not enrol unless specifically requested to do so on behalf of the POC.
- The CR information captured by the Client POC includes name, email address, ID number and cell phone. A valid ID number is required for the issuing of the course certificate and digital crice access card.
- The Client POC is in full control of CR accounts and is able to enrol, transfer, deactivate CR accounts on his/her POC system.
- The information for the Client POC and CR is maintained confidentially and is not shared with any third party apart from the facility the CR is entering as part of the electronic visit/attendance register.
- An electronic visit/attendance register is created every time a CR scans the Digital CRICE Access Card, a copy of which is shared only with the facility they have actually entered and with the Client POC. The information on the log is limited to name, email address, date and time entered/exited and cell phone. The facility may utilise this log to monitor and control access, investigate incidents or complaints, verify training and technical input by CR or for any other legitimate business purpose.
- The CR must download the mobile digital access card themselves and must grant consent for the application to access their camera and location which is required at the time of scanning.
- CRICE applications do NOT track CRs movement. Only at the exact time of scanning is GPS location required; not before and not after.
- The CR makes all inputs on crice app and is free to choose whether to do so or not.
Consenting and acceptance.
MTSwill keep your personal information confidential. We are committed to protecting your right to privacy. You have the right to object to the processing of your personal information and have a choice whether or not to accept these terms and conditions.
However, it is important to note that we require your acceptance to service you. By providing MTS with your personal information and/or continuing to use MTS products and services, you consent to MTS processing your personal information which MTS undertakes to process strictly in accordance with this Privacy Statement.
Consenting and acceptance may apply to the following:
- Prior to entry of Personal Information on MTS platforms, the Client POC must obtain informed consent from their CRs whose access into facilities will be controlled and monitored. Such consent should include the retention of the electronic visit/attendance register by facilities and use of this register to monitor and control access, investigate incidents or complaints, verify training and technical input by CR or for any other legitimate business interest.
- for use of personal information pertaining to identifiable individuals for external publishing (videos, photos etc)
- for establishment or performance of a contract
- for legitimate interest of MTS, e.g. where MTS collects contact information and preferences for MTS organised events
- Where MTS requests Personal Information directly from the CR on mobile applications, consent will be requested by giving the CR the option to select ‘I do not wish to provide this information’. If the CR choose not to provide the personal information reasonably required, it may hinder MTS ability to provide the information or services the CR requires
- CRs download the mobile application and access the desktop application of their own volition and must personally access and grant permission for their Digital CRICE Access Card to scan a QR Code when accessing healthcare facilities, in order to register their visit in real-time and via monthly attendance/visit registers. In doing so, CRs are consenting to the completion and storage of electronic attendance register which will include CR name, email and cell number and which will only be shared with the healthcare facility the CR is entering and the Client POC.
- MTS will not disclose your personal information without your consent unless:
- If we are required to do so by law or court order
- If disclosure is in the public interest
- It is necessary to protect our rights
Information Security
The security and confidentiality of your personal information matters to us. For this reason, MTS has physical, technical and administrative controls in place to protect your personal information from unauthorised access, use and disclosure. MTS evaluates these safeguards on an ongoing basis to help minimise risks from new security threats as they become known. Masoom Training Solutions Pty Ltd complies with the provisions of all applicable legislation related to the processing of Personal Information, including by:
- Taking appropriate technical and organisational measures and physical security measures to prevent the unauthorised or unlawful processing of Personal Information (as defined in the legislation) and/or accidental loss or destruction of, or damage to, Personal Information
- Processing Personal Information under this Agreement only in accordance with client instructions, or as required by law or any Authority
- Not disclosing Personal Information except in accordance with client instructions or as required by law or any Authority.
- All Personal Information will be held securely and whenever the Company sub-contracts or outsources other organisations to process any of your Personal Information on our behalf, we will bind these service providers by way of a Data Operator Agreement to perform such processing of your Personal Information.
- Data Loss Prevention (DLP):Technical safeguards are in place to the transmission of personal data outside the network.
- Incident Response Plan (IRP):A IRP is in place to notify the relevant without undue delay of a breach.
- Masoom Training Solutions Pty Ltd may disclose the Personal Information to its personnel on a need to know basis. Masoom Training Solutions Pty Ltd will take reasonable steps to ensure the reliability of its personnel who have access to the Personal Information, including by ensuring that such personnel:
- are aware of their obligations under this Agreement and all applicable legislation related to the processing of Personal Information; and
- are notified that any unauthorised processing or disclosure of the Personal Information may lead to disciplinary action under their contract of employment or the termination of their engagement with MTS as appropriate.
- Identity and Access Management (IDAM): MTS has IDAM controls in place to limit access to personal data for authorized employees. Employees have access only to information or systems applicable to their job function. Only those who need access to personal information to perform their job have access and have received appropriate privacy training.
We are legally obliged to provide adequate protection for the personal information we hold and to stop unauthorized access and use of personal information. We will, on an on-going basis, continue to review our security controls and related processes to ensure that your personal information remains secure. Our security procedures include but are not limited to:
- Physical security
- Computer and network security
- Secure communications
- Retention and disposal of information
- Monitoring access and usage of personal information
- Investigating and reacting to security incidents.
Right to access information
You may request details of personal information which we hold about you. We will take all reasonable steps to confirm your identity (copy of your ID document) before providing details of your personal information in respect of a formal request for such information.
Your rights over your information
You have the right to ask us to update, correct or delete your personal information, unless the law requires us to keep it. Where we cannot delete your personal information, we will take all practical steps to de-personalise it. Where MTS is required by law to collect and keep personal information, we shall do so.
If you believe that any personal information we are holding about you is incorrect or incomplete, please contact us as soon as possible, at info@masoom.co.za. We will promptly correct any personal information found to be incorrect.
You may always choose to object to the collection or use of your personal information or to have your information erased. However, this may hinder MTS ability to provide the information or services you require.
Third-Party Risk Management
- Your privacy is important to us. We will therefore not sell, rent or provide your personal information to unauthorised entities or other third parties for their independent use without your consent.
- MTS does not share your personal information with unaffiliated third parties for their own direct marketing or other purposes.
- MTS may share personal information we have collected with companies or agents doing technological maintenance or working on our behalf to help fulfil business needs, including providing customer services and distributing marketing communications. Other service providers that may be used to perform certain functions on our behalf and to whom personal information may be disclosed in order to perform their intended function include but is not limited to, call-centre support, sending or processing postal or electronic mail or hosting information on cloud-based servers.
- When we contract with third parties, we impose and bind them to appropriate security, privacy, and confidentiality obligations to ensure that personal information that we remain responsible for, is kept secure. We will ensure that anyone to whom we pass your personal information agrees to treat your information with the same level of protection as we are obliged to.
Use of Cookies
This website and/or associated mobile applications uses cookies to improve your experience while you navigate. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website or mobile application. We also use third-party cookies that help us analyze and understand how you use this website or mobile application. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
MTS Services or products
Provided you have agreed to this, we may use your personal or other information to send you information on new services or products that may be of interest to you. This may include mail, e-mail or SMS information concerning us, our products and services, or our partners and their products or services. If you do not wish to continue receiving this information you may contact us and we will remove you from our mailing list.
Cross-Border Transfers
To the extent personal information is transferred out of the country or where the owner of that personal information lives in other countries, different standards may apply to how your data is used and protected in those countries. MTS has appropriate safeguards in place in accordance with applicable legal requirements to ensure that data is adequately protected irrespective of the country. This includes obtaining written assurances from any third party given access to your data so as to require them to adopt standards that ensure an equivalent level of protection for data as that adopted by MTS .
Privacy Statement for Children
MTS will not collect personal information from anyone we know to be under the age of 18 without the prior, verifiable consent from his or her legal representative. Such legal representative has the right, upon request, to view the information provided by the child and/or to require that it be deleted.
Retention of Information
MTS will retain your personal information for as long as reasonably necessary to comply with legal obligations or for no longer as required for legitimate business purposes.
Updates to Privacy Statement
We reserve the right to amend the privacy and security statement at any time. All amendments to the privacy and security statement will be posted on the website. Unless otherwise stated, the current version will supersede and replace all previous versions of the privacy and security statement.
How to contact us
If you have any queries about this notice; you need further information about our privacy practices; wish to withdraw consent; exercise preferences or access or correct your personal information, please contact us at the numbers/addresses listed on this letterhead or on our website.
Your right to complain
If you believe that MTS has used your personal information contrary to this Privacy Statement, you have the right to lodge a complaint with the Information Regulator, under POPIA, but we encourage you to first contact MTS to resolve the complaint.
If, thereafter, you feel that we have not resolved your complaint adequately, kindly contact the Information Regulator at: |JD House | 27 Stiemens Street | Braamfontein | Johannesburg | 2001 or |PO Box 31533 |Braamfontein| Johannesburg | 2017.