Privacy Policy & Data Protection
Last updated: 3 June 2026
1. Introduction
At WardWiZ ("we", "us", "our"), we value your privacy and strive to protect your Personal Information. WardWiZ will only collect and use your Personal Information, as this term is defined in the Protection of Personal Information Act No. 4 of 2013 ("POPIA"), in accordance with this Privacy Policy.
We act as the responsible party of our end users' ("the Data Subjects") Personal Information when an account is opened with WardWiZ. WardWiZ's Data Subjects are typically healthcare practitioners (clinicians, nurses, medical officers, registrars, consultants), healthcare students, or people employed in an administrative role and acting on behalf of a healthcare establishment, department of health, or a private or public healthcare practice.
By providing us with your Personal Information, you:
- agree to this Privacy Policy and authorise us to Process such data as set out herein; and
- authorise WardWiZ, its affiliates, directors, employees, consultants, service providers and other third parties to Process your Personal Information for the purposes stated in this Privacy Policy.
Important: WardWiZ processes sensitive health information. We implement industry-standard security measures, but you are responsible for maintaining the confidentiality of your login credentials and complying with all applicable privacy laws, including POPIA. All patient data stored in WardWiZ remains the property and responsibility of the healthcare institution or organisation using the System.
2. The Eight Conditions for Lawful Processing of Personal Information
POPIA sets out eight conditions for the lawful Processing of Personal Information ("the Eight Conditions"). WardWiZ is committed to complying with the Eight Conditions:
- Condition 1 – Accountability: WardWiZ will comply with the Eight Conditions while conducting business that involves the Processing of Personal Information;
- Condition 2 – Processing Limitation: We collect Personal Information directly from you with your informed and specific consent, unless the information is in the public domain. Personal Information may not be collected for one purpose and then used for another without your consent;
- Condition 3 – Purpose Specification: Personal Information is only collected for specific, defined, and lawful purposes related to providing WardWiZ services;
- Condition 4 – Further Processing Limitation: Any further Processing of Personal Information is done in accordance with the conditions under which we initially collected such information;
- Condition 5 – Information Quality: We take reasonably practicable steps to ensure that Personal Information is complete, not misleading, updated, and accurate;
- Condition 6 – Openness: We retain documents containing Personal Information in accordance with applicable retention requirements. You have a right to know what Personal Information we have and for what purpose;
- Condition 7 – Data Security: We ensure that appropriate security measures, processes, and procedures are in place to protect against unlawful or unauthorised Processing of Personal Information and accidental loss or damage;
- Condition 8 – Data Subject Participation: You may request access to any Personal Information held about you and ask for inaccurate data to be amended or deleted.
You, the user, are solely responsible for ensuring your use of WardWiZ complies with POPIA, the National Health Act, hospital/provincial/national IT governance policies, organisational data security regulations, and professional medical ethics.
3. Personal Information Collected
When you register to use WardWiZ, we collect and process the following Personal Information from you:
3.1 User Account Information
- Name and surname;
- Email address (used for authentication and communications);
- Professional role and department;
- Professional registration number (if applicable);
- Contact information (phone number, if provided);
- Profile picture (optional);
- Authentication credentials (stored securely and encrypted);
- Team memberships and role assignments.
3.2 Patient and Clinical Information
- Patient demographics (name, date of birth, gender, contact information, address);
- Encounter information (admission dates, discharge dates, wards, departments, encounter status);
- Clinical notes, documentation, and medical records;
- Vital signs and clinical measurements;
- Medication prescriptions and administration records;
- Tasks, assignments, and clinical workflows;
- Laboratory results (synced from external systems like NHLS);
- Referrals, surgery bookings, and other clinical data.
3.3 System and Technical Information
- Device information (browser type, operating system, device identifiers);
- IP address and network information;
- Usage logs, access patterns, and system interactions;
- Error logs and diagnostic information (for troubleshooting);
- Session information and authentication tokens.
3.4 External System Credentials
- eCCR (Electronic Continuity of Care Record) credentials - encrypted and stored securely, used only for authentication with eCCR servers;
- NHLS (National Health Laboratory Service) credentials - encrypted and stored securely, used only for authentication with NHLS servers;
- Hectis credentials (if applicable) - encrypted and stored securely.
Sources of Personal Information
WardWiZ may also collect Personal Information from you in other ways, including:
- when you communicate with us by email, chat, telephone or any other means, we collect the communication and any data provided in it;
- when you use the WardWiZ platform we collect information in your clinical notes, tasks, referrals, and communications with other healthcare practitioners;
- when we obtain information from third parties such as identity verification services from professional registration councils (e.g., HPCSA, SAPC, SANC) to confirm you are a registered healthcare practitioner;
- where the information is contained in a public record or has deliberately been made public by you;
- where you have consented to the collection of the information from another source;
- where collection of the information from another source is necessary for legal or regulatory compliance purposes.
All patient data stored in WardWiZ remains the property and responsibility of the healthcare institution or organisation using the System.
4. Use of Personal Information
We use the information we collect for the following purposes:
- Service Provision: To provide, operate, maintain, and improve WardWiZ and its features, including patient management, clinical documentation, task management, and team collaboration tools;
- Authentication and Access Control: To authenticate users, manage access permissions, enforce team-based data scoping, and ensure secure access to patient information;
- Clinical Workflows: To enable clinical documentation, vitals tracking, medication management, task assignments, referrals, surgery scheduling, and other healthcare workflows;
- External System Integration: To authenticate with and retrieve data from external systems (eCCR, NHLS, Hectis) using encrypted credentials stored securely;
- AI Features: To provide optional AI-powered features such as voice transcription, note formatting, and encounter summaries (with appropriate safeguards and user review requirements);
- Communication: To send you important notifications, security alerts, system updates, and administrative communications;
- Security and Compliance: To monitor for security threats, detect unauthorized access, maintain audit trails, and ensure compliance with applicable laws and regulations;
- System Improvement: To analyze usage patterns, diagnose technical issues, improve system performance, and develop new features (using aggregated, de-identified data where possible);
- Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests, including healthcare record retention requirements.
5. Sharing of Personal Information
We do not sell, rent, or trade your Personal Information or patient data. We may disclose your Personal Information to our third parties, as defined in POPIA, for legitimate business purposes, in accordance with applicable law and subject to applicable professional and regulatory requirements regarding confidentiality. We may disclose your Personal Information to:
- any person that works for us and is in the employ of WardWiZ, either as a permanent employee or contractor;
- companies and organisations that provide services to us, including in relation to technical infrastructure, cloud hosting, authentication services, AI service providers, marketing and analytics, and web and app development and support;
- authorized members of your assigned teams, in accordance with team-based access controls and role-based permissions;
- specialist medical healthcare providers, or permitted medical clerks coordinating referrals on behalf of a department or specialist, who are approved users of the WardWiZ Platform (when you are referring a patient or seeking medical advice);
- legal and regulatory authorities, upon request, or for the purposes of reporting any actual or suspected breach of applicable law or regulation;
- any relevant party, law enforcement agency or court, to the extent necessary for the establishment, exercise or defence of legal rights;
- any relevant party for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including safeguarding against and the prevention of threats to public security.
If we engage a third party to Process any of your Personal Information, the third party will be subject to binding contractual obligations to only Process such Personal Information in accordance with our prior written instructions and use measures to protect the confidentiality and security of such Personal Information.
We will otherwise treat your Personal Information as private and confidential and will not share it with other parties except where you have given permission, where we believe it is reasonably necessary to comply with any law, regulation, legal process or governmental request, or where we may transfer rights and obligations pursuant to our agreement with you.
6. Data Accuracy
The Personal Information provided to WardWiZ should be accurate, complete and up-to-date. Should Personal Information change, the onus is on the provider of such data to notify WardWiZ of the change and provide WardWiZ with the accurate data.
Where indicated (for example in account registration forms), it is obligatory for you to provide accurate Personal Information to enable us to open and operate your WardWiZ account so you may be able to use our products or services. Should you decline, refuse or neglect to provide such Personal Information, or provide inaccurate or incomplete Personal Information, we may not be able to process your account registration or provide you with our products or services.
While we take reasonably practical steps to make sure our records containing your Personal Information are always complete, accurate and updated when necessary, you must notify us immediately if you believe any Personal Information in our possession is inaccurate or out of date. We will then investigate the matter and if any Personal Information is found to be incorrect, incomplete, inaccurate, irrelevant, excessive, out of date, misleading or was not collected according to the terms of this privacy notice, we will correct, update or delete that information within a reasonable time.
7. Security of Personal Information
WardWiZ places great importance on ensuring the security of your Personal Information. We regularly review and implement up-to-date technical and organisational security measures when Processing your Personal Information. WardWiZ's Privacy Policy is to meet local requirements for security measures on integrity and confidentiality of personal information, as specified in section 19 of POPIA.
7.1 Storage Infrastructure
- All data is stored in secure cloud databases with industry-standard encryption at rest;
- Data is backed up regularly to prevent data loss;
- Storage infrastructure is managed by reputable cloud service providers with robust security certifications.
7.2 Access Control and Authentication
- Row-level security (RLS) policies ensure team-scoped data access - users can only view/modify data for patients within their assigned teams;
- Role-based access control (RBAC) restricts access based on user roles (admin, lead, member);
- Secure authentication using industry-standard identity providers with encrypted session management;
- All access attempts and data modifications are logged in comprehensive audit trails.
7.3 Encryption and Transmission
- All data transmission is encrypted using industry-standard TLS/SSL protocols;
- External system credentials (eCCR, NHLS, Hectis) are encrypted at rest and transmitted securely only to their respective servers;
- Sensitive patient information is never transmitted over unencrypted channels.
Security Disclaimer: While we implement industry-standard security measures, no system is completely immune to security breaches. Users are responsible for maintaining the confidentiality of their login credentials and reporting any suspected security incidents immediately. We are not responsible for breaches resulting from compromised user credentials or unauthorized access through user accounts.
8. Access to Personal Information
A Data Subject who has provided the Information Officer with adequate proof of identity may request WardWiZ to confirm, free of charge, whether or not WardWiZ holds any Personal Information about the Data Subject, and to provide a record of the Personal Information about the Data Subject held by WardWiZ, including information about the identity of all third parties, or categories of third parties, who have, or have had, access to the information.
WardWiZ may provide the record referred to above within a reasonable time, in a form that is understandable to the Data Subject. The Data Subject must also be advised of his or her or its right to request that the information be corrected, if incorrect.
WardWiZ may refuse to disclose any information requested on the basis of the grounds for refusal of access to certain records as specified in section C of the Promotion of Access to Information Act No. 2 of 2000 ("PAIA"). If a request for access to Personal Information is made to WardWiZ and part of the information falls within one of the aforementioned grounds, WardWiZ must disclose every other part of the information which does not fall within the protected ground.
9. Data Subject Rights
We support the right of Data Subjects to have access to their data and their patient-related data. You have certain rights under data protection law, including POPIA, regarding your Personal Information. You may request that we:
- provide you with a copy of your Personal Information (including in a format that can be shared with a new provider);
- correct, delete, or restrict the Processing of your Personal Information;
- object to the Processing of your Personal Information in certain circumstances;
- withdraw consent where processing is based on consent (this may limit your ability to use WardWiZ).
These rights are limited in some situations, such as where we are legally required to Process or store your data, and may limit your ability to use our products and services. If you would like to exercise any of the above rights, please send an email to the Information Officer using the contact information provided in Section 18.
Note: Some rights may be limited where we are legally required to process or retain data (e.g., healthcare record retention requirements), or where deletion would prevent us from providing services to you.
10. Use of Cookies
We also collect Personal Information through the use of cookies. Cookies (and other similar technologies) help us give you the best experience of using our site. Cookies are small data files that we or companies we work with may place on your computer or other devices when you visit our website or use the WardWiZ Online Web Portal. They allow us to remember your actions or preferences over time.
When you visit our Website or App we may place Cookies onto your device, or read Cookies already on your device, subject always to obtaining your consent, where required, in accordance with applicable law. We use Cookies to:
- record information about your device, your browser and, in some cases, your preferences and browsing habits;
- maintain your authentication session and security;
- remember your preferences (e.g., theme, current team selection);
- ensure system security and prevent unauthorized access;
- improve system performance and user experience.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
Certain aspects and features of our services are only available through the use of cookies. By registering an account with WardWiZ, or continuing to use our website, you agree to our use of cookies as set out in this Privacy Policy. We do not use third-party advertising cookies or tracking technologies for marketing purposes. You may decline our cookies if your browser or browser add-on permits, but doing so may interfere with your use of WardWiZ's services. For information on how to delete or reject cookies, you can consult the "help" function within your browser, or visit www.allaboutcookies.org, where you will also find more information about cookies generally.
11. Third-Party Services and Integrations
WardWiZ integrates with the following third-party services:
Cloud Hosting and Infrastructure
We use cloud service providers (e.g., Supabase) for secure data storage and hosting. These providers are contractually obligated to protect your data and comply with applicable security standards.
Authentication Services
We use secure identity providers for user authentication. Your authentication credentials are managed securely and are not shared with third parties.
AI Service Providers
For optional AI features (voice transcription, note formatting, summaries), we use third-party AI services. Audio and text inputs are processed temporarily and are not permanently stored by us or the AI service provider. AI-generated content requires your review before being saved to patient records.
External Healthcare Systems (eCCR, NHLS, Hectis)
When you use external system integrations, your encrypted credentials are used to authenticate with those systems. We do not control these external systems and are not responsible for their privacy practices. Please review their respective privacy policies.
We are not affiliated with, endorsed by, or in partnership with eCCR, NHLS, Hectis, or any government health departments. External system integrations are provided for user convenience and rely on the availability and functionality of those external systems.
12. Retention of Personal Information
WardWiZ will retain your Personal Information:
- for achieving the purpose for which the information was collected;
- when retention of the record is required or authorised by law, including healthcare record retention requirements (which typically require retention of medical records for extended periods, often 6-10 years or longer);
- for lawful purposes related to our functions or activities;
- when retention of the record is required by a contract between the parties thereto;
- when the Data Subject, or a competent person where the Data Subject is a child, as defined in POPIA, has consented to the retention of the record;
- for historical, statistical or research purposes if the responsible party has established appropriate safeguards against the records being used for any other purposes.
We may, however, notwithstanding the above-mentioned criteria, retain your Information in a de-identified manner for a period we deem necessary. When you delete your account, we will delete or anonymize your personal information, except where we are legally required to retain it (e.g., healthcare record retention requirements, audit trail requirements). Patient information will be retained in accordance with healthcare record retention laws.
13. Transborder Flow of Personal Information
The data we collect may be transferred outside of the Republic of South Africa. Personal Information may be transferred to a third party outside of the Republic of South Africa provided that:
- the third party is subject to a law, binding corporate rules or a binding agreement that seeks to protect the Personal Information in line with this Privacy Policy and applicable South African privacy laws;
- the transfer is necessary in order to provide the services that are required by you.
You may withdraw your consent to us Processing your information across borders; however, this may mean that we are no longer able to offer WardWiZ to you. By using WardWiZ, you consent to the transfer, storing, and processing of your information and patient information by third-party hosting providers and service providers, which may be located outside of South Africa.
14. Electronic Communications
In order for WardWiZ to provide you with the agreed services, you accept and agree that:
- any communications, agreements, notices and/or any other documents (together "Communications") relating to your WardWiZ Account or your use of WardWiZ's products and services will be provided to you electronically by posting them on the WardWiZ Website, emailing them to the email address you have provided to us, or through any other form of electronic communication. You consent to receiving all Communications electronically;
- you will at all times have available to you the necessary hardware and software to receive, access and retain Communications sent to you electronically, including a device with an internet connection and a valid and accessible email address;
- you assume full responsibility for providing WardWiZ with a valid and accessible email address to which any Communications may be sent, and for ensuring that the email address and any other contact information is kept up to date. Any Communication sent to the email address you have provided to us will be deemed to have been received by you.
You may at any time withdraw your consent to receiving Communications electronically by contacting us. You acknowledge that failure to give, or withdrawing, consent to receiving Communications electronically may put the security of your WardWiZ Account at risk should you not receive communications pertaining to your account security.
Care should always be taken in reviewing messages purporting to originate from WardWiZ and, should you have any uncertainty regarding the authenticity of any communication, please contact us immediately to verify the authenticity of such communication.
15. Data Breaches
We protect all information with what WardWiZ considers to be the highest degree of security and protection. In the event of any privacy or security breaches of the WardWiZ Platform, or at our Third Party Hosted Data Centre, that are likely to result in any risk to your Personal Information or to your rights and freedoms, we will notify you and the relevant regulatory authority as soon as we become aware of such.
We expect our users to notify us immediately where they have reasonable grounds to believe that their accounts or patient data have been accessed or acquired by any unauthorised person. To notify us in this regard, please email the Information Officer using the contact information provided in Section 16.
In the event of a suspected or confirmed data breach or security incident, we will investigate the incident and take reasonable steps to mitigate any harm. We will comply with applicable data breach notification laws, including POPIA requirements, to the extent required. However, we are not obligated to provide individual notifications unless required by law.
16. Revisions to This Privacy Policy
We may amend this Privacy Policy from time to time. You should visit the website regularly to check when this Privacy Policy was last updated and to review the current Privacy Policy. We will do our best to notify you of any substantive amendments to the Privacy Policy and any such notice will be posted in our Mobile App, or on our Online Web Portal or Website, or sent by email to the address associated with your WardWiZ Account.
Your continued use of WardWiZ after any modifications to this Privacy Policy constitutes your acceptance of the modified policy. If you do not agree to the modified policy, you must immediately discontinue use of WardWiZ and delete your account.
17. Privacy Queries
Should you have any query in relation to this Privacy Policy or how we handle your Personal Information, please contact us by sending an email to the Information Officer using the contact information provided in Section 18.
If you are not happy with anything we do in relation to your personal information, you may lodge an objection or complaint with our Information Officer. If your objection or complaint is not resolved to your satisfaction, you have the right to lodge a complaint with the Information Regulator at:
The Information Regulator of South Africa
Physical address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
Postal address: P.O Box 31533, Braamfontein, Johannesburg, 2017
Complaints email: complaints.IR@justice.gov.za
18. Information Officer
In accordance with POPIA, WardWiZ has designated an Information Officer responsible for ensuring compliance with data protection laws. For any queries, concerns, or requests related to data protection, privacy, or your rights as a data subject, please contact:
Information Officer
Name: Ashraf Moosa
Position: Founder & Developer
Email: ashraf@wizmed.co.za
For general questions, technical support, or feedback regarding WardWiZ, please contact: