Data Policy

1. Scope

This Data Policy describes the technical and organisational practices CareBridge Connect (Pty) Ltd applies to data collected through our website (carebridgeconnect.co.za), our Care2Report application, and any other services we operate.

2. Data We Process

3. Data Storage and Location

Data is stored with reputable cloud hosting providers operating infrastructure in South Africa or the European Union. Where data is transferred outside South Africa, we ensure adequate safeguards are in place as required by POPIA.

4. Data Security Measures

• All data transmitted over the internet is encrypted using TLS 1.2 or higher.
• Passwords are stored as salted hashes using industry-standard algorithms.
• Access to production systems is restricted by role-based access control and multi-factor authentication.
• We conduct periodic security reviews and patch vulnerabilities promptly.
• Employees with access to personal data are bound by confidentiality obligations.

5. Data Breach Procedure

In the event of a data breach that poses a risk to data subjects, we will notify the Information Regulator of South Africa within 72 hours of becoming aware of the breach, and affected data subjects without undue delay, as required by POPIA.

6. Third-Party Processors

We work with the following categories of third-party processors who handle personal data on our behalf under data processing agreements:

• Cloud hosting: server and database infrastructure.
• Transactional email: delivery of system notifications and contact form replies.
• Analytics: aggregated, privacy-preserving website usage analytics.
• WhatsApp Business Platform: Meta Platforms, Inc. — subject to Meta's data processing terms.

7. Data Subject Rights

You may request access, correction, or deletion of your data at any time by contacting [email protected]. We will process requests within 30 days.

8. Contact