Privacy Policy | MzansiHealthcare Skip to content
🔒 Privacy • South Africa (POPIA)

Privacy Policy

Effective: 11 November 2025. This Privacy Policy explains how mzansihealthcare.com ("MzansiHealthcare") collects, uses, shares and protects information. We follow the Protection of Personal Information Act, 2013 (POPIA). For EU/UK visitors we provide additional GDPR notices.

Terms of Service → Help Centre

1) Who we are (Responsible Party)

MzansiForSho (Pty) Ltd trading as MzansiHealthcare ("we", "us") is the Responsible Party under POPIA.

If you interact with providers (e.g., clinics or pharmacies), they may be separate Responsible Parties for their own records. This policy covers our marketplace/platform data.

2) What we collect

  • Account data — name, email, mobile, password hash, addresses.
  • Location — delivery/collection address; approximate device location if you allow it.
  • Order/booking data — items/services requested, timestamps, fulfilment status, notes.
  • Payment data — handled by our payment processor (tokens, last 4 digits, no full card storage by us).
  • Support — messages, call/chat logs, attachments you send.
  • Device & usage — IP, device/browser type, app version, cookies, diagnostics, fraud signals.
  • Provider data (for pharmacies/clinics/vendors) — business contact details, documents for onboarding, banking for payouts.

3) Why we use it (Purposes & lawful grounds)

  • Provide the service — account management, order/booking, delivery/pickup, payments.
  • Safety & fraud — detect/stop abuse, verify identity where appropriate.
  • Support — resolve issues, refunds, complaints.
  • Improve — analytics, quality, performance and product changes.
  • Legal — POPIA compliance, tax/audit, lawful requests.
  • Marketing — with your consent or as permitted (opt‑out anytime).

Under POPIA we process when it is necessary for a contract with you, you have consented, we have a legitimate interest that does not unfairly prejudice you, or we are legally required.

4) Health information (Special Personal Information under POPIA)

We design our marketplace to minimize processing of health information. However, certain services (e.g., pharmacy orders or clinic bookings) may involve special personal information such as medication names or health-related notes you provide.

  • We only process such data where strictly necessary to fulfil your request and with your voluntary, informed consent, or as otherwise allowed by POPIA.
  • We do not use special personal information for advertising.
  • Access is restricted on a need‑to‑know basis and protected with additional safeguards.
  • Healthcare providers (e.g., the dispensing pharmacy or clinic) are responsible for their own clinical records and legal duties.

5) Who we share with

  • Service providers/Operators — hosting, customer support tools, analytics, payments, SMS/email, fraud prevention.
  • Fulfilment partners — pharmacies, clinics and delivery partners to complete your order/booking.
  • Compliance — regulators, law enforcement or tax authorities when legally required.
  • Corporate — if we undergo a merger, acquisition or sale, your data may transfer under equivalent protections.

We require Operators to process data per our instructions, under confidentiality and security obligations.

6) Cookies & similar tech

We use cookies, local storage and similar technologies for:

  • Essential — login/session, security, cart/booking state.
  • Performance — analytics and crash diagnostics.
  • Marketing — only with consent where required; you can opt out in settings or via your browser.

You can manage cookies in your browser. Blocking some cookies may impact functionality.

7) Security

  • Encryption in transit (HTTPS) and hardened infrastructure.
  • Access controls, least‑privilege, logging and staff training.
  • Vendor due diligence and data processing agreements.
  • Security contact: security@mzansihealthcare.com (see /.well-known/security.txt).

8) Children

The platform is intended for people aged 18+. If a guardian initiates an order/booking for a minor, they must provide consent and supervise use.

9) Your privacy rights

  • Access — request a copy of your personal information.
  • Correction — ask us to fix inaccurate information.
  • Deletion — request deletion where no longer needed and we have no legal reason to keep it.
  • Objection/Restriction — object to certain processing (e.g., direct marketing); restrict in specific circumstances.
  • Portability — receive certain data in a portable format where technically feasible.
  • Withdraw consent — where processing relies on consent (e.g., marketing or special personal info).

To exercise rights, email privacy@mzansihealthcare.com. We may verify identity. You may also complain to the Information Regulator (South Africa).

10) Cross‑border transfers

We may store or process data outside South Africa with Operators that provide adequate protection and contractual safeguards consistent with POPIA. Where applicable, we use Standard Contractual Clauses or equivalent mechanisms.

11) Retention

  • Account data — while your account is active and up to 24 months after last activity, then deleted or anonymised unless required longer by law.
  • Orders/bookings & receipts — typically 5–7 years for tax/audit compliance.
  • Support tickets24 months (or longer if part of a dispute).
  • Special personal info — kept only as needed to deliver the service or as required by law/clinical obligations of the provider.

12) Changes

We may update this Policy. We’ll post the new date and, if changes are material, we’ll notify you via the site or email.