Privacy Policy
Last updated: 5 May 2026
1. Who We Are
Dr Nthabiseng Mathethe Dental Surgery (“the Practice”, “we”, “us”) is a registered dental practice operating at 53 Mimosa Avenue, Proclamation Hill, Pretoria, 0183. The Practice is regulated by the Health Professions Council of South Africa (HPCSA) and is the Responsible Party as defined in the Protection of Personal Information Act 4 of 2013 (POPIA).
Information Officer: Dr Nthabiseng Mathethe
Contact: thabzmathethe@gmail.com | 066 079 6472
2. Information We Collect
We collect personal and health information only to the extent necessary to provide safe, effective dental care and to comply with our legal obligations. This includes:
Personal identifiers
- Full name, date of birth, identity number
- Contact details (phone, email, postal address)
- Next-of-kin and emergency contact details
Health and medical information
- Medical history, current medications, allergies and relevant systemic conditions
- Dental records, X-rays, photographs, intra-oral scans and treatment notes
- Referral letters and specialist reports
Financial and insurance information
- Medical aid scheme name, membership number and dependant code
- Billing and payment records
Website and communication data
- Appointment enquiries and booking requests submitted via our website
- Email and WhatsApp correspondence relating to your care
3. Lawful Basis for Processing
We process your personal information on one or more of the following grounds as set out in section 11 of POPIA:
- Consent: you provide consent at registration and before any treatment.
- Performance of a contract: to fulfil our obligation to provide the dental services you have requested.
- Legal obligation: to comply with the National Health Act 61 of 2003, the Health Professions Act 56 of 1974, HPCSA guidelines and the Medical Schemes Act 131 of 1998.
- Legitimate interest: to protect patient safety, prevent fraud and administer the Practice.
4. How We Use Your Information
Your information is used exclusively to:
- Diagnose, plan and provide dental treatment
- Communicate appointment reminders, recalls and post-treatment instructions
- Submit medical aid claims and process payments on your behalf
- Comply with HPCSA record-keeping requirements
- Refer you to specialists or other healthcare providers where clinically necessary
- Operate and improve our practice management systems
- Meet any court order, regulatory inquiry or statutory requirement
We do not use your information for unsolicited marketing without your explicit consent, and we do not sell or trade your personal information to third parties.
5. Sharing Your Information
We may share your information with:
| Recipient | Purpose |
|---|---|
| Medical aid schemes | Claims submission and authorisation |
| Dental specialists and referral practitioners | Coordinated patient care |
| Dental laboratories | Fabrication of prosthetics, crowns, orthodontic appliances |
| Practice management software providers | Appointment scheduling, clinical records |
| HPCSA and statutory bodies | Compliance, disciplinary or investigation proceedings |
| Law enforcement or courts | Where required by law or court order |
All third parties who process data on our behalf are bound by appropriate confidentiality and data-processing agreements.
6. Retention of Records
In accordance with HPCSA guidelines and the National Health Act:
- Adult patient records are retained for a minimum of 5 years after the last visit.
- Minor patient records are retained until the patient turns 26 years of age (i.e. 5 years after reaching majority).
- Financial records are retained for 5 years in accordance with the South African Revenue Service (SARS) requirements.
After the applicable retention period, records are securely destroyed.
7. Security
We implement appropriate technical and organisational measures to protect your information against loss, theft, unauthorised access, disclosure, alteration or destruction. These measures include:
- Password-protected practice management systems
- Encrypted backups stored off-site
- Role-based access controls (only treating staff access clinical records)
- Physical security of paper records
- Staff training on confidentiality obligations
Despite these measures, no system is completely secure. Please notify us immediately if you believe your information may have been compromised.
8. Your Rights Under POPIA
You have the right to:
- Access a copy of the personal information we hold about you
- Correct inaccurate or outdated information
- Delete your information (subject to our legal record-keeping obligations)
- Object to the processing of your information on legitimate-interest grounds
- Withdraw consent where processing is based solely on consent (note: withdrawal does not affect past lawful processing)
- Lodge a complaint with the Information Regulator
To exercise any of these rights, contact our Information Officer at the details above. We will respond within 30 days.
9. Complaints
If you are not satisfied with how we handle your personal information, you may lodge a complaint with:
The Information Regulator (South Africa)
JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
Email: inforeg@justice.gov.za
Website: www.justice.gov.za/inforeg
10. Changes to This Policy
We may update this Privacy Policy from time to time. The current version is always available on our website. Material changes will be communicated to existing patients.