Privacy statement

This is the privacy statement of Connection Mental Healthcare, having its registered office at 3 Rodwell Road, St James, Western Cape, South Africa. You can reach us via the contact form on this website or by calling us on +27 21 541 0643.

Last updated: May 2026.

Applicability of this statement

This privacy statement applies to all personal data, including medical data, that you provide to us verbally, in writing or digitally, for example via a registration form, a contact form on our website or through personal contact with our staff.

Connection Mental Healthcare is the controller within the meaning of the General Data Protection Regulation (GDPR) with regard to the processing of your personal data. This means that we determine which personal data are processed, for what purpose and in what manner. We are responsible for ensuring that your personal data are processed properly and with due care. We attach great importance to your privacy and therefore exercise the utmost care in handling and protecting your personal data.

In this privacy statement, we explain which data we process, the purposes for which they are used and what your rights are under the GDPR and other relevant legislation. In addition to the GDPR, the rules of medical professional confidentiality apply in full to the processing of data.

Legal framework

We process data in accordance with the requirements set out in the GDPR and the specific rules applicable in the healthcare sector regarding the confidentiality and protection of medical data. These include, among others, the Medical Treatment Contracts Act (Wet op de geneeskundige behandelovereenkomst, WGBO), the Individual Healthcare Professions Act (Wet op de beroepen in de individuele gezondheidszorg, Wet BIG), the Health Insurance Act (Zorgverzekeringswet, Zvw) and the Act on Additional Provisions for the Processing of Personal Data in Healthcare (Wet aanvullende bepalingen verwerking persoonsgegevens in de zorg, Wabvpz).

Legal basis and purpose of data processing

We process your data on the basis of the treatment agreement (see Article 6 of the GDPR). In order to perform the agreement (your treatment) to the best of our ability, it is necessary for us to maintain a patient file on you. Your personal data are collected and retained by us in order to treat you well and to provide you with high-quality care and support. In addition, we need your data to account for the quality of care (effectiveness and legitimacy) and for the financial settlement of the care/treatment.

When you register via our website or by telephone, for example, to obtain information about treatment or to undergo a telephone screening, we also process the data you provide to us on this basis, as we need your data to determine whether we are able to offer you suitable treatment.

Should we process data for any purpose other than your treatment, for example, a client satisfaction survey, we will request your explicit consent.

Below is an overview of the personal data we process as a minimum:

• Name
• Address
• Contact details
• Sex
• Date of birth
• Tax or social security number
• Insurance details
• Contact details of your contact persons
• Referral from your GP and reason for registration
• Consent declarations
• Medical data such as results of (laboratory) tests, allergies, medication use and outcomes of questionnaires
• Treatment plan and records of treatment progress
• Correspondence with your referrer and, where applicable, other healthcare providers involved (for which you have given explicit consent)

Your personal data are properly secured by us against unauthorised access. Staff members who do not have a treatment relationship with you and are not directly involved in the care provided are, in principle, not granted access to your medical file.

All staff members within Connection Mental Healthcare are required to treat your data confidentially. These staff members are bound by (derived) medical professional confidentiality or by a contractual confidentiality clause with us.

We keep a record of each individual staff member, healthcare provider or practitioner who has viewed your file ('logging'). You are entitled to an electronic copy of this logging, subject to a fee, so that you can see which staff member, healthcare provider or practitioner viewed or requested your file and on what date.

Given medical professional confidentiality and the privacy rules of the GDPR, we may, in principle, only disclose your personal data to third parties if we have obtained your express consent to do so. Before requesting your consent, we will inform you of the purpose, content and possible consequences of the disclosure to a third party.

In a number of cases, we have a legal right or even a legal obligation to disclose your data to third parties without your prior consent, such as to other healthcare providers who are directly involved in your treatment and to your health insurer (insofar as necessary for the performance of the insurance, such as claims assessment and substantive auditing). In such cases, we do not require your consent. You may object to disclosure without your consent, but this may mean that we are unable to provide you with proper medical treatment.

Your personal data are not retained for longer than is necessary. If you are or have been a patient of ours, we are legally required to retain your patient file for 20 years. This period may be extended if necessary, for example for your health or the health of your children.

As a patient, you have statutory rights in respect of your file held by us. Below, we inform you of your rights. If you wish to exercise any of these rights, you may do so by contacting your practitioner or a case manager in writing or verbally.

Right of access to your file

You have the right to see which personal data we process about you. Insofar as these data are recorded in a medical file within the meaning of the WGBO, you have the right to inspect your own medical file and to receive a copy of it. We never charge a fee for this inspection or for making a digital copy of the data.

Only you yourself have the right of access to your file, not, for example, your contact persons or employer. This is to protect your privacy. Upon inspection, you will only see data relating to yourself, such as the treatment plan and treatment records. You do not have the right to inspect personal notes made by healthcare providers, practitioners or staff members. We may (partially) refuse access if the privacy of another person would be compromised as a result.

We will comply with your request for access as soon as possible, but no later than within one month (see Article 12 GDPR).

The right to rectification or erasure of medical data

Under the GDPR, you have the right to supplement, have corrected or have erased ('right to be forgotten') the personal data we hold about you. Insofar as your request for erasure relates to the medical file within the meaning of the WGBO, we are not required to comply with your request for destruction if it is reasonably foreseeable that continued retention could be of substantial importance to another person. This could include our interests in the context of accountability for the care we have provided or the interests of your descendants in the case of a hereditary disease.

Right to withdraw consent

If you give us consent to share your data with others, such as your contact persons or other healthcare providers, you have the right to withdraw that consent. From that point onwards, we may no longer share information with that person.

Transfer of file

If you transfer to another healthcare provider, it is important that the new healthcare provider or practitioner is aware of the care we have provided. At your request, we will, in principle, always cooperate with the transfer of your file to your new healthcare provider or practitioner.

Under the GDPR, you may submit a request to us to send digital personal data in a readable computer file to you or to another healthcare provider ('data portability'). The right to data portability applies only to digital personal data that you yourself have actively and consciously provided. This also includes data that you have provided indirectly through the use of a service or device, for example by means of a blood test, a pacemaker or a blood pressure monitor.

A cookie is a small text file that is stored on your computer, tablet or smartphone when you first visit our website. You can opt out of these cookies by setting your internet browser so that it no longer stores cookies. You can also delete all previously stored information via your browser settings.

For more information, head to Cookie statement.

We take the protection of your personal data and medical file seriously. We apply appropriate measures in line with the latest state of the art to prevent misuse, loss, unauthorised access, unwanted disclosure and unlawful alteration.

If you have the impression that your data are not adequately secured or there are indications of misuse, please contact us at info@connection-mhc.co.za.

You may also send a request for correction, deletion, destruction or transfer of your file or an objection to the processing of your personal data, to info@connection-mhc.co.za. You are of course also welcome to contact us by telephone and make your request verbally.

If you wish to contact the complaints officer, you may complete the complaints form and send it to us by post or by email.