Privacy Policy

1. Introduction

MediSource (Pty) Ltd ("MediSource," "we," "us," or "our") is committed to protecting the personal information of our customers, website visitors, and business partners. This Privacy Policy explains how we collect, use, store, and protect your personal information in accordance with the Protection of Personal Information Act, 2013 (POPIA) and the Electronic Communications and Transactions Act, 2002 (ECT Act).

By using our website at www.medisource.co.za or engaging with our services, you acknowledge that you have read and understood this policy.

2. Information Officer

In compliance with POPIA, our designated Information Officer can be contacted regarding any privacy-related queries:

3. What Personal Information We Collect

We collect the following categories of personal information depending on how you interact with us:

3.1 Information You Provide Directly

• Account registration: Name, email address, phone number, company name, VAT registration number
• Orders and purchases: Billing and delivery addresses, payment information (processed securely by our payment gateway — we do not store card details), purchase order numbers
• Quote requests: Product requirements, facility type, delivery preferences, company details
• Contact forms: Name, email, phone number, message content

3.2 Information Collected Automatically

• Device information: IP address, browser type, operating system, screen resolution
• Usage data: Pages visited, time spent on pages, click patterns, referring website
• Cookies and similar technologies: Session identifiers, preferences, analytics data (see Section 8)

4. Purpose of Processing

We process your personal information for the following lawful purposes as permitted under POPIA Section 11:

• Contract performance: Processing orders, managing your account, fulfilling deliveries, generating tax invoices
• Legitimate interest: Sending quote responses, providing customer support, improving our products and services, fraud prevention
• Consent: Marketing communications (only with your explicit opt-in consent, which you can withdraw at any time)
• Legal obligation: Tax record keeping, compliance with SARS requirements, responding to lawful requests from regulatory authorities

5. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share your information with the following categories of third parties, strictly to fulfil the purposes described above:

• Payment processors: To securely process transactions (e.g., PayFast, Peach Payments)
• Courier and logistics partners: Delivery name, address, and contact number for order fulfilment
• Cloud service providers: Website hosting and email services, with data processing agreements in place
• Analytics providers: Anonymised usage data for website improvement (e.g., Google Analytics)
• Professional advisors: Accountants and legal counsel where required by law

All third parties are contractually required to protect your information and process it only for the specified purposes.

6. Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected:

7. Your Rights Under POPIA

As a data subject, you have the following rights under POPIA:

• Right of access: Request confirmation of what personal information we hold about you
• Right to correction: Request correction or deletion of inaccurate, irrelevant, or outdated personal information
• Right to deletion: Request destruction of personal information that is no longer necessary for the purpose it was collected
• Right to object: Object to the processing of your personal information for direct marketing purposes
• Right to withdraw consent: Withdraw previously given consent for marketing communications at any time
• Right to lodge a complaint: File a complaint with the Information Regulator if you believe your rights have been infringed

To exercise any of these rights, contact our Information Officer at privacy@medisource.co.za. We will respond within 30 days.

8. Cookies

Our website uses cookies to improve your browsing experience. The types of cookies we use include:

• Essential cookies: Required for basic website functionality, shopping cart, and checkout (cannot be disabled)
• Analytics cookies: Help us understand how visitors use the site (Google Analytics — anonymised data)
• Functional cookies: Remember your preferences and recently viewed products

You can manage cookie preferences through your browser settings. Disabling non-essential cookies will not affect your ability to browse or purchase products.

9. Security Measures

We implement appropriate technical and organisational measures to protect your personal information, including:

• SSL/TLS encryption on all pages
• PCI-DSS compliant payment processing (handled by third-party payment gateways)
• Restricted access to personal information on a need-to-know basis
• Regular security updates and monitoring of our systems

While we take all reasonable precautions, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

10. Cross-Border Data Transfers

Some of our service providers may process data outside of South Africa (e.g., cloud hosting, email services). Where this occurs, we ensure that adequate safeguards are in place in accordance with POPIA Section 72, including verifying that the recipient country has adequate data protection laws or that binding contractual protections are in place.

11. Children's Privacy

Our website and services are intended for business use and are not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected such information, we will take steps to delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. We encourage you to review this policy periodically. Continued use of our website after changes constitutes acceptance of the updated policy.