Website: https://thehealthyafrican.com
Email: contact.healthyafrica@gmail.com
Effective date: October 9, 2025
1. Introduction
The Healthy African (THA) (“we”, “us”, “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, store, and protect personal information when you visit or use https://thehealthyafrican.com (the “Site”) and any services offered through the Site, including telemedicine, newsletters, contact forms, downloads, or community features (collectively, the “Services”).
This Policy applies to users worldwide. Some sections reference regional laws (for example POPIA in South Africa or the EU General Data Protection Regulation (GDPR)) to help clarify expectations for international users. If you are located in a jurisdiction with additional legal rights, those laws may apply in addition to this Policy.
This Policy should be read together with our Terms of Use and Medical Disclaimer.
2. Definitions
- Personal data / personal information: Any information relating to an identified or identifiable natural person (e.g., name, email, medical information, IP address).
- Sensitive personal data / special categories: Health information, biometric data, racial or ethnic origin, and other categories that may require higher protection under local law.
- Process / Processing: Any operation performed on personal data (collecting, storing, using, sharing, deleting).
- Data Controller / Controller: The organization that determines the purposes and means of processing personal data (The Healthy African (THA)).
- Data Processor / Processor: A third party that processes personal data on behalf of the Controller (e.g., payment provider, analytics provider).
3. Data we collect
We collect different types of personal data depending on how you use our Services. Categories include:
3.1 Identity and contact information
- Name, email address, telephone number, and postal address, when you provide them (e.g., contact forms, account registration, appointment booking).
3.2 Account and user profile data
- Username, password (securely hashed), profile photo (optional), country, language preferences.
3.3 Health and clinical information (sensitive data)
- Medical history, symptoms, diagnoses, medications, test results, consultation notes, clinical images or videos you provide during telemedicine consultations or when submitting case stories. This is collected only where necessary for clinical care, research (with consent), or specific content purposes and is treated as sensitive data.
3.4 Payment and billing data
- Billing name, payment card details (processed by third‑party payment processors), billing address and transaction records for paid Services.
3.5 Technical and usage data
- IP address, device and browser information, device identifiers, operating system, pages viewed, referral URLs, clickstream data, and other analytics collected via cookies and similar technologies.
3.6 Communications and support data
- Messages you send us via email, chat, or contact forms, including attachments and metadata.
3.7 User Content
- Comments, reviews, forum posts, testimonials, personal health stories, or other content you post publicly on the Site.
3.8 Aggregated and anonymized data
- Non‑identifiable information derived from personal data for analytics, research, and service improvement. Aggregated data cannot reasonably be used to identify you.
4. How we collect data
We collect data through:
- Direct interactions: When you register, book consultations, subscribe to newsletters, fill in contact forms, submit content, or communicate with us.
- Automated technologies: Cookies, web beacons, server logs, and analytics tools that collect technical and usage information.
- Third parties: Payment processors, identity verification services, healthcare partners, analytics providers, and publicly available sources when permitted.
- Clinical encounters: Information collected during telemedicine consultations or clinical services you request.
5. Legal bases for processing (where required)
If you are located in a jurisdiction that requires a legal basis for processing (for example, the EU), our legal bases include:
- Consent: Where you have given clear consent for processing for a specific purpose (e.g., marketing emails, research participation, publishing a personal story). You can withdraw consent at any time, but withdrawal does not affect processing already lawfully carried out.
- Contractual necessity: Processing necessary to perform a contract with you (e.g., telemedicine consultations, payments, appointment scheduling).
- Legal obligation: Processing necessary to comply with legal obligations (e.g., tax, record retention, reporting requirements).
- Vital interests: Processing necessary to protect the vital interests of an individual (e.g., emergency care situations).
- Legitimate interests: Processing necessary for our legitimate interests (e.g., fraud prevention, site security, service improvement), provided those interests are not overridden by your rights. We will balance our interests and document the assessment where required.
For sensitive personal data (health data), we will rely on explicit consent or other legal grounds permitted by local law (e.g., provision of healthcare, vital interests, legal obligations). We will obtain explicit consent where required by law.
6. How we use personal data
We use personal data for the following purposes:
6.1 To provide Services and manage accounts
- Registering accounts, managing bookings and telemedicine consultations, delivering clinical care, processing payments, and communicating appointment details or test results.
6.2 To communicate with you
- Responding to enquiries, sending service-related messages, appointment reminders, follow-up communication, and transactional emails.
6.3 For marketing and newsletters (with consent)
- Sending promotional communications, newsletters, and event announcements if you opt in. You can unsubscribe at any time.
6.4 To improve our Services
- Analytics, site optimization, product development, usability testing, and tailoring content to user preferences.
6.5 For safety, fraud prevention and legal compliance
- Detecting and preventing fraud or abuse, complying with legal obligations, and protecting the security of our Services.
6.6 For research and public health (with consent or legal basis)
- Conducting ethically approved research, aggregating anonymized data for public health insights, or responding to public health authorities when required by law.
6.7 For publishing and editorial uses (with consent)
- Publishing user stories, testimonials or case studies only when we have explicit written consent and appropriate de‑identification if requested.
7. Sharing and disclosure of data
We may share personal data with the following categories of recipients:
7.1 Service providers and processors
- Third‑party vendors who perform services on our behalf such as payment processors, hosting providers, analytics services, email delivery services, appointment management platforms, and telemedicine platform providers. Processors are required to implement appropriate security and confidentiality measures under written agreements.
7.2 Healthcare professionals and partners
- Clinicians, laboratories, or partner health facilities involved in your care or diagnostic services, with your consent or as required for treatment.
7.3 Legal and regulatory authorities
- When required by law, regulation, legal process, or to protect vital interests (e.g., reporting of communicable diseases where mandated).
7.4 Business transfers
- In connection with any merger, acquisition, sale of assets, financing, or reorganization, personal data may be transferred; we will require the acquiring entity to protect personal data under terms consistent with this Policy.
7.5 Aggregated or anonymized data
- We may share aggregated, de‑identified information publicly or with partners for research and policy work.
We will not sell your personal data to third parties. Any other sharing will occur only with your consent or as permitted by law.
8. International transfers
Because we operate online, personal data may be stored or processed in countries other than your country of residence. Data transfers may involve jurisdictions with different data protection laws. Where we transfer personal data internationally, we will use appropriate safeguards required by applicable law (such as standard contractual clauses, binding corporate rules, or ensuring that the recipient is in a country with an adequate level of protection). Contact us for specific information about transfer safeguards.
9. Cookies, tracking and analytics
We use cookies and similar technologies to operate the Site and provide services. Types of cookies include:
- Essential cookies: Required for basic site functions (session, security, login).
- Functional cookies: Remembering preferences (language, region).
- Analytics cookies: Help us understand how visitors use the Site (page views, navigation patterns).
- Advertising/marketing cookies: Used only if you opt in; may be set by third parties for targeted content.
You can manage cookie preferences through our cookie banner or via your browser settings. Disabling certain cookies may affect site functionality.
10. Data retention
We retain personal data only for as long as necessary to provide Services, fulfill legal obligations, resolve disputes, enforce agreements, or as otherwise permitted by law. Retention periods vary by data type. Typical retention schedules (examples) include:
- Account registration data: retained for the life of the account + 2 years after deactivation unless law requires otherwise.
- Clinical records and telemedicine notes: retained in accordance with applicable medical record retention laws (commonly 7–15 years depending on jurisdiction) — we will follow local legal requirements where practicable.
- Billing and transactional records: retained for accounting and tax purposes (commonly 5–10 years).
- Marketing data: retained until you unsubscribe or withdraw consent.
Contact us if you need specific retention details for your records.
11. Security measures
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, alteration, or disclosure. Measures include encryption in transit (TLS), access controls, secure hosting, regular security testing, staff training, and contractual controls with vendors.
While we strive to safeguard data, no system is completely secure. If a data breach occurs that creates a risk to your rights and freedoms, we will notify affected individuals and relevant authorities as required by law.
12. Data subject rights
Where applicable under your local law, you may have the following rights concerning your personal data:
- Right of access: Request a copy of personal data we hold about you.
- Right to rectification: Request correction of inaccurate or incomplete data.
- Right to erasure (“right to be forgotten”): Request deletion of personal data (subject to legal retention obligations).
- Right to restriction of processing: Ask us to restrict processing in certain circumstances.
- Right to data portability: Receive your personal data in a structured, commonly used, machine‑readable format and transmit it to another controller wh