MOTO HEALTH CARE PRIVACY POLICY

Please read this Privacy Policy carefully to understand how Moto Health Care will process your personal information. Every term of this Policy is material.

1. ABOUT MOTO HEALTH CARE

Moto Health Care (“Moto Health Care” / ”the Scheme”), a registered restricted membership medical scheme in terms of the Medical Schemes Act 131 of 1998, offers medical scheme benefits to persons in the motor industry in South Africa. Moto Health Care is administered by Momentum Health Solutions (‘’MHS’’) and supported by various other contracted service providers, including managed healthcare organisations. The Scheme is subject to the authority of the Council for Medical Schemes (“CMS”). It is governed by a Board of Trustees, which has a statutory duty to keep beneficiary information confidential.

Our contact details are as follows:

Physical Address: 1 st Floor, Holiday House, 156 Bram Fischer Drive, Randburg, 2194

Postal Address: P O Box 3882, Randburg, 2125

Telephone Number: +27 (0) 861329800

E-mail address: info@mhcmf.co.za

Website address: www.mhcmf.co.za

2. INFORMATION OFFICER

Our Information Officer is:

Ms. T.A. Gucher-Greeff

Email: terry@mhcmf.co.za

Tel no.: 0861 329 800 / 082 070 8668

3. DEFINITION OF TERMS

3.1 “Board” refers to the Board of Trustees of the Scheme.

3.2 “Beneficiary” means a member and/or Dependant of a Member.

3.3 “Data subject” has the meaning assigned to it in POPIA and refers to the person to whom the personal information relates and includes both natural and juristic persons.

3.4 “Dependant” means a dependant of a member admitted as such in terms of the Rules of the Scheme.

3.5 “Member” refers to a natural person who has been admitted as a principal member of the Scheme in terms of the Rules and “membership” has a corresponding meaning.

3.6 “Officer” refers to a member of the Board, any committee of the Scheme, the Principal Officer and any employee of the Scheme.

3.7 “PAIA Manual” refers to the Manual compiled by the Scheme in terms of section 51 of the Promotion of Access to Information Act (Act 2 of 2000).

3.8 “Personal information” has the meaning assigned to it in POPIA, and refers to information relating to identifiable, living, natural persons as well as identifiable, existing juristic persons. It includes information such as race, gender, age, medical information, identity number, contact details and confidential correspondence. “Information” has a corresponding meaning unless the context requires otherwise.

3.9 “POPIA” means the Protection of Personal Information Act (Act 4 of 2013) and any Regulations, Codes of Conduct, Guidelines and Directives issued in terms of the Act.

3.10 “Principal Officer” means the Principal Officer of Moto Health Care.

3.11 “Processing” has the meaning assigned to it in POPIA, and refers to any operation or activity concerning personal information, such as the collection, receipt, recording, storage, updating, alteration, use, distribution, erasure or destruction of the information.

3.12 “Rules” means the registered Rules of the Scheme.

3.13 “The Scheme” refers to Moto Health Care.

3.14 “We” / “us” refers to Moto Health Care.

3.15 “You” / “your” refers to the data subject (i.e., the person or entity) whose personal information is processed by Moto Health Care.

4. APPLICATION OF THE PRIVACY POLICY

This Privacy Policy applies to the personal information that we have in our possession or under our control and personal information that we collect or receive from or about you. It stipulates, amongst others, how we collect the information, the type of information collected, why that information is collected, the circumstances under which that information will be shared with others, the security measures that we have implemented to protect the information and how you may obtain access to and correct your information. This Policy also applies to other persons or entities that may process personal information on our behalf.

5. OUR COMMITMENT

Your privacy and the security of your information are important to us and we want to make sure that you understand how your information will be processed. We are committed to conducting our business in accordance with the law. We will, therefore, only process, which includes collect, use, store or disclose, your personal information in accordance with the law or otherwise with your consent and will always strive to keep your information confidential. We take this commitment to look after your personal information seriously. We have implemented a number of processes to make sure that your personal information is used in the right way. Furthermore, we will-

  • only collect personal information that is necessary;
  • only use personal information for the purposes specified in this Privacy Policy unless you are advised otherwise;
  • not keep personal information longer than needed for lawful purposes; and
  • only share your personal information with third parties as specified in this Privacy Policy and/or permitted in terms of the law or as otherwise agreed with you.

6. WHEN YOU PROVIDE INFORMATION ABOUT ANOTHER PERSON / ENTITY

You must make sure that if you provide personal information about someone else to Moto Health Care, including of your dependants, you may lawfully do so (e.g., with their consent). We will accept that you are acting lawfully. You should make sure that they read this Privacy Policy and understand how Moto Health Care will process their information.

7. COLLECTION OF YOUR PERSONAL INFORMATION

We collect personal information directly from you when you become a member, a dependant, officer or an employee of the Scheme and when you submit information on the website or the Scheme App or otherwise to the Scheme. We also obtain personal information about you when another entity or person provides such information to us. Information may also be collected from other sources (e.g., public records), depending on the circumstances, when it is, for example, not possible to obtain the information directly from you, or if you make information publicly available. Furthermore, beneficiaries’ health-related information is collected from healthcare providers subject to the provisions of the law. Relevant information may also be collected from members’ employers and their contracted brokers. Supporting documentation such as copies of identity documents, birth certificates, marriage certificates and death certificates are collected to accurately identify a beneficiary and ensure compliance with the Rules. Healthcare provider information is, amongst others, collected from claims submitted in respect of goods and services provided to beneficiaries and Medpages. Telephone calls with external callers and virtual meetings are recorded. The information that we collect is necessary to provide membership services, manage the Scheme and comply with the Rules, the Medical Schemes Act and other laws. Employment details of beneficiaries are collected to ensure that they qualify for membership and to manage the payment of their contributions by their employers, if applicable. Information related to previous medical scheme membership is collected to inform underwriting decisions. When you use our website and/or Scheme App, you must familiarise yourself with the terms and conditions applicable to your use of those platforms.

8. PROCESSING OF YOUR PERSONAL INFORMATION

There are various laws that permit the processing of personal information, such as POPIA. Employment laws permit the processing of employees’ information. We generally process the personal information listed below, if applicable in the circumstances, and retain it as part of our records. Other personal information may be collected and processed if it is required in the circumstances.

Beneficiaries
  • Names, surnames, titles, addresses and contact details;
  • Identity numbers, dates of birth and age, gender;
  • Dependants’ details;
  • Nationalities;
  • Employment details;
  • Income and bank details;
  • Health information, including pre-existing conditions, pregnancy, diagnoses and treatment;
  • Previous medical scheme cover;
  • Details of treating providers;
  • Membership entry and termination dates;
  • Membership contributions and payment-related information;
  • Authorisation requests, claims, Schemeing decisions, benefit allocations and benefit utilisation;
  • Dependant status, waiting periods and late joiner penalties;
  • Information related to complaints and disputes;
  • Relationships of dependants with principal members;
  • Telephone call recordings;
  • Completed Scheme documents such as application forms, including members’ signatures;
  • Correspondence.
Trustees, Committee Members and Nominees
  • Full names and surnames, titles, identity numbers, age, addresses; contact details, nationalities, gender, qualifications, vetting reports, photos, other information included on nomination forms, curriculum vitae (“CVs”) and declarations of interests;
  • All interests declared on the Declaration of Interests form or otherwise;
  • Signatures of official signatories and proof of residence, if required by the bank;
  • Bank details;
  • Position held at the Scheme;
  • Recording of virtual meetings, records of meeting attendance, information included in minutes of meetings and participation in business-related matters / events on behalf of the Scheme; and
  • Correspondence.
Employees and Job Applicants
  • Full names and surnames, titles, identity numbers, age, contact details, positions or roles at the Scheme, nationalities, gender, race, qualifications, vetting reports, photos, employment history, references, next-of-kin and other information included on CVs;
  • Relevant medical and disability information, if applicable;
  • Employment-related information such as sick certificates, performance and disciplinary records, salary information, tax numbers and employment history;
  • Bank details;
  • Next-of-kin; and
  • Correspondence.
Healthcare Providers
  • Full names and surnames / entity names, titles, addresses and contact details, practice code numbers, qualifications and website addresses;
  • Relevant staff member’ / contact persons’ names, surnames and contact details;
  • Bank details and bank verification letters;
  • Designated service provider (DSP) / preferred provider network status;
  • Claims, remittance advices and payment related information;
  • Utilisation of Scheme benefits; and
  • Correspondence.
Employer Groups
  • Names, locations, physical and postal addresses, contact details and registration numbers;
  • Names, surnames and contact details of relevant contact persons (e.g., human resources and billing);
  • Nature of business;
  • Contribution payment and related information;
  • Number of employees;
  • Bank details;
  • Confirmation of employee details as set out on Scheme documents such as the membership application forms;
  • Signatures of authorised persons acting on behalf of employers such as the membership application forms; and
  • Correspondence.
Brokers
  • Broker organisation names, addresses, contact details and website addresses;
  • Names, surnames, titles, contact details and identity numbers of individual brokers;
  • Broker codes / reference numbers;
  • Qualifications, licences, accreditation status and performance;
  • Payment information, including bank details and VAT numbers;
  • Agreements;
  • Completed forms, including signatures; and
  • Correspondence.
Suppliers, Vendors, Other Persons and Public and Private Bodies
  • Entity names, addresses, contact details and website addresses;
  • Names, surnames, titles, contact details and positions of contact persons;
  • Qualifications, licences, accreditation status and performance;
  • Proposals, agreements and related information;
  • Payment information including banking details and VAT Numbers;
  • Official documentation, such as newsletters and brochures;
  • COVID-19 screening information of visitors to the Scheme’s offices; and
  • Correspondence.
Insurers
  • Entity names, addresses, contact details and website addresses;
  • Names, surnames, titles, contact details and positions of contact persons;
  • Claims;
  • Payment-related information;
  • Correspondence.

9. CONSENT

If you provide consent for the processing of your personal information, you may withdraw your consent at any time. This does not affect the processing of personal information that has already occurred. If you withdraw your consent, your personal information will only be processed as provided for in the law.

10. OBJECTION TO PROCESSING

When we process your personal information to protect your legitimate interests or based on our legitimate interests or those of a third party to whom we supply the information, you may object to our processing, if it is reasonable to do so. This must occur on the form prescribed by POPIA, available from the Information Officer. This does not affect your personal information that we have already processed. If you object and we agree with your objection, your personal information will only be processed as provided for in the law.

11. PURPOSE OF PROCESSING YOUR PERSONAL INFORMATION

We generally process your personal information for the following purposes:

  • To conduct the business of a medical scheme in terms of the Medical Schemes Act, including admission to membership, eligibility, risk assessment of beneficiaries, underwriting, risk management, disease management, benefit management, the assessment and payment of beneficiary claims, the collection of contributions and debts and for managed healthcare and forensic investigation purposes;
  • For governance purposes;
  • For employment and related matters;
  • To verify provider details;
  • To comply with relevant legislation;
  • To report to persons and bodies as required and authorised in terms of the Rules, legislation or by the data subjects;
  • For the maintenance of assets;
  • For communication purposes;
  • For marketing purposes;
  • For client services;
  • For procurement;
  • For historical, statistical and research purposes;
  • For market research;
  • For enforcement of our rights; and
  • For any other lawful purpose, which directly relates to the business of a medical scheme.

12. DISCLOSURE OF YOUR PERSONAL INFORMATION

We will share only relevant personal information about you, if it is necessary and lawful in the circumstances. We will generally share your personal information with the following persons and entities in the conducting of our business:

  • Officers, employees, service providers, suppliers and vendors who assist us to provide the services and who perform functions related to our business on a need-to-know basis, subject to confidentiality undertakings where applicable;
  • Our insurers;
  • Our professional and legal advisers;
  • Our accountants and auditors;
  • Banks for processing of payments;
  • Regulatory and other public or private bodies, persons or entities, as permitted in terms of the Rules, legislation, the relevant beneficiary, or as may be required or permitted in terms of the law (e.g., CMS and the South African Revenue Services [“SARS”]);
  • Law enforcement structures, including courts and tribunals; and
  • Regulatory and other public or private bodies, persons or entities, as may be required or permitted in terms of the law, including to comply with any legal obligation or to protect the rights, property or safety of our business, the public or others.

We may also share your relevant information with the following persons and entities:

Beneficiaries
  • Principal members: Information to be shared is restricted to relevant personal information, including health information, of their dependants to ensure the efficient administration of their Feb 2022 membership and benefits and to prevent fraud as well as all information included on benefit statements as required by the Rules and the Medical Schemes Act.
  • Suppliers and service providers who perform functions related to the administration of our business, the provision of managed healthcare services (such as MHS) and other service providers: Information to be shared is restricted to information on a need-to-know basis and subject to confidentiality undertakings;
  • Appointed brokers: Information to be shared is restricted to information that enables brokers to provide member-clients with sound advice, such as option type and contact details. Moto Health Care will not share any information about beneficiaries’ medical conditions unless they have given Moto Health Care permission to do so;
  • Employer groups (where applicable): Information to be shared is restricted to information relevant to an application for membership or information that is required for the ongoing servicing of membership. No health information of employees is shared unless explicit permission has been given by the relevant employees to Moto Health Care to do so;
  • Debt collectors / attorneys when contributions are outstanding; and
  • Credit rating agencies of beneficiaries who have defaulted on the payment of their contributions or other debt owed to us.
Trustees, Committee Members and Nominees
  • Our beneficiaries
Employees and Job Applicants
  • Our beneficiaries (depending on the relevant employee’s job function);
  • Next-of-kin in emergency situations.
Healthcare Providers
  • Our beneficiaries.
Suppliers, Vendors, Other Persons, Public and Private Bodies
  • Our beneficiaries

13. RECORD-KEEPING

We retain records of your personal information for as long as it is necessary for lawful purposes related to the conducting of our business, provide membership services and benefits, comply with legal obligations, attend to legal matters, enforce agreements, comply with our Rules, as proof and for historical, statistical and research purposes subject to the provisions of the law.

14. SENDING INFORMATION ACROSS THE BORDERS OF SOUTH AFRICA

We process and store your information in records within the Republic South Africa. We send details of beneficiaries, who are abroad in the SADEC countries and in need of emergency care, to our international emergency service providers who may send relevant information to medical service providers in the SADEC country to facilitate emergency care of beneficiaries in accordance with our Rules. We are not planning to send any other personal information about any data subject to any other third party in a foreign country. Should this be required, relevant data subject consent will be obtained, if required, and transfers of such information will occur in accordance with the requirements of the law.

15. SECURITY OF YOUR PERSONAL INFORMATION

We are committed to ensuring the security of your personal information in order to protect it from unauthorised processing and access as well as loss, damage or unauthorised destruction. We continually review and update our information protection measures to ensure the security, integrity, and confidentiality of your information in accordance with industry best practices. The measures we adopt to ensure the security of your personal information includes technical and organisational measures and internal policies to prevent unauthorised access, loss or use of personal information. Measures used include the physical securing of hard-copy records, access control to electronic records and off-site data back-ups. All personal information is stored in databases that have built-in safeguards, for example on MHC’s secured servers, which are located in protected centres at contracted third parties or MHC premises. In addition, only those employees, officers and service providers that require access to your information to discharge their functions relating to our business and the services we provide are permitted access to your information and only if they have concluded agreements with / provided undertakings to us regarding the implementation of appropriate security measures, maintaining the confidentiality and processing the information only for the agreed purposes. We will inform you and the Information Regulator if any person unlawfully obtains access to your personal information, subject to the provisions of the law.

16. RIGHT TO ACCESS YOUR PERSONAL INFORMATION

You have the right to request access to your personal information in our possession or under our control and information of third parties to whom we supplied that information subject to restrictions imposed in legislation. If you wish to exercise this right, please complete the prescribed form, available from the Information Officer, and submit it to the Information Officer. Costs may be applicable to such request, which can be obtained from the Information Officer. Please consult our PAIA Manual for further information.

17. ACCURACY OF YOUR PERSONAL INFORMATION

It is important that we always have accurate information about you on record as it could impact on communication with you and the services that we provide. You must therefore inform us as soon as any of your information has changed. Members must update their information on the membership portal or send an email to info@mhcmf.co.za or contact client services by calling 0861 000 300.

You may also request us to correct or delete any information. Such a request must be made in writing on the prescribed form, available from the Information Officer, and be submitted to the Information Officer. You must provide sufficient detail to identify the information and the correction / deletion required. Information will only be corrected / deleted if we agree that the information is incorrect or should be deleted. It may not be possible to delete all the information if we may lawfully retain it.

Please contact the Information Officer to discuss how we can assist you with your request. If we correct any information and the corrected information will impact on any decision made or to be made about you, the corrected information will be provided to persons to whom the information has been disclosed in the past if they need to be aware of the changed information.

18. MARKETING OF PRODUCTS AND SERVICES

If you have given us specific consent to do so, we may occasionally inform you, electronically or otherwise, about supplementary products and services that may be useful or beneficial to you. You may at any time withdraw your consent and opt out from receiving such information. You may not optout of membership-related communications, which are not promotional in nature

19. CHANGES TO THIS POLICY

We reserve the right in our sole and absolute discretion, to revise or supplement this Privacy Policy from time to time to reflect, amongst others, any changes in our business or the law. We will publish the updated Privacy Policy on our website at https://www.mhcmf.co.za/. It will also be available at our offices. Any revised version of the Policy will be effective as of the date of posting on the website, so you should always refer back to the website for the latest version of the Policy. It is your responsibility to make sure you are satisfied with any changes before continuing to use our services.

20. ENQUIRIES AND COMPLAINTS

All enquiries, requests or concerns regarding this Policy or relating to the processing of your personal information by us should be addressed to the Information Officer. You may also lodge a complaint with the Information Regulator at POPIAcomplaints.IR@inforegulator.org.za (violation of personal information) or PAIAcomplaints.IR@inforegulator.org.za (access to record requests). Moto Health Care would appreciate the opportunity to address your concerns before you approach the Information Regulator.

21. LAWS APPLICABLE TO THIS PRIVACY POLICY

This Privacy Policy is governed by the laws of the Republic of South Africa.