Privacy Policy
Last updated: 20 April 2026
1. Who we are
Risk Navigator is a healthcare environmental compliance platform operated for Mediclinic hospital facilities. This policy describes how we collect, use, store, and protect your personal information in line with the Protection of Personal Information Act (POPIA) of South Africa and the General Data Protection Regulation (GDPR).
Information Officer
Name: Mediclinic Information Officer
Email: privacy@mediclinic.example
Contact the Information Officer for any privacy, access, or deletion request.
2. What data we collect
- Identity data: name, email, phone, role, assigned hospital and department
- Authentication data: hashed password, session tokens, sign-in timestamps
- Activity data: inspections performed, checklist responses, tasks assigned or resolved
- Evidence data: photos and documents you upload as compliance evidence
- Technical data: IP address and user agent recorded in our audit log
3. Why we process it
We process your data to:
- Authenticate and authorise you on the platform
- Run compliance inspections and produce ISO 14001 audit evidence
- Assign corrective-action tasks and track their resolution
- Maintain an immutable audit trail for regulators and auditors
- Comply with healthcare, environmental, and data protection law
4. Lawful basis
We process your data on the basis of your explicit consent (captured on first sign-in), contractual necessity (your employment or engagement with the hospital), and legal obligation (audit and health-and-safety record-keeping).
5. Who we share it with
- Internally: Managers, inspectors, and administrators within your hospital or region, based on role-based access control
- Auditors: External ISO 14001 auditors during scheduled audits (read-only)
- Service providers: Supabase (our database and storage provider) under a data-processing agreement
We do not sell your data, use it for marketing, or share it with third parties for any other purpose.
6. How long we keep it
- User profile data: while your account is active, plus 12 months
- Inspection and audit records: 7 years (statutory audit retention)
- Audit log entries: 7 years
- Evidence photos and documents: 7 years
7. Your rights
Under GDPR and POPIA you have the right to:
- Access: request a copy of the personal data we hold about you (available from your Profile page as a JSON export)
- Rectification: correct inaccurate data (edit your profile, or ask an admin)
- Erasure: request deletion of your data (submit a request from your Profile page; an admin will process it)
- Restriction: ask us to pause processing while a dispute is resolved
- Objection: object to any processing you believe is unlawful
- Withdraw consent: you may withdraw consent at any time; this may limit your ability to use the platform
On a deletion request, we anonymise rather than hard-delete personal identifiers, to preserve the integrity of the audit trail required by ISO 14001. Your name and email are replaced with a non-reversible hash; your linked inspection records remain but can no longer be traced back to you.
8. Security
- All data is encrypted in transit (TLS) and at rest
- Passwords are hashed with industry-standard algorithms (bcrypt via Supabase Auth)
- Row-Level Security enforces strict, role-based access on every query
- Sessions expire after 30 minutes of inactivity
- All data changes are logged in an immutable audit log
9. Cookies
We use only essential cookies required to keep you signed in. We do not use tracking, analytics, or advertising cookies.
10. Data location
Your data is stored on Supabase infrastructure in a region selected for POPIA compliance. No personal data is transferred outside of approved jurisdictions without explicit contractual safeguards.
11. Complaints
If you believe we have mishandled your personal data, contact our Information Officer first. You may also lodge a complaint with:
- The Information Regulator (South Africa) — inforeg@justice.gov.za
- Your local data protection authority (EU/UK residents)
12. Changes to this policy
We may update this policy. We will notify you of material changes by email, and such changes require renewed consent.