iKambi Health

POPIA

POPIA Operator Terms

Last updated: 23 May 2026

1. Purpose and roles

These POPIA Operator Terms form part of the agreement between iKambi Health and each healthcare practice using the platform. They describe how iKambi Health processes personal information on behalf of a practice.

For practice-managed patient and clinical data, the practice is generally the responsible party and iKambi Health is generally the operator under POPIA. iKambi Health processes that information to provide the platform and related support, security, billing, storage, and operational services.

2. Processing instructions

iKambi Health will process practice-controlled personal information only to provide, secure, maintain, support, and improve the iKambi Health service; to comply with lawful instructions from the practice; to meet legal obligations; and as otherwise agreed in writing.

The practice is responsible for ensuring that its use of iKambi Health, including the collection and upload of patient health information, has a lawful basis under POPIA and any applicable healthcare, medical scheme, tax, and professional rules.

3. Confidentiality

iKambi Health will treat practice-controlled personal information as confidential. iKambi Health will limit access to personnel and service providers who need access for authorised purposes and who are subject to confidentiality obligations.

Practices must ensure their owners, doctors, receptionists, contractors, and other authorised users are bound by appropriate confidentiality duties when handling patient and health information.

4. Security safeguards

iKambi Health will establish and maintain reasonable technical and organisational measures designed to protect personal information against unauthorised access, acquisition, loss, damage, disclosure, alteration, or destruction, taking into account the nature of the information and reasonably foreseeable risks.

Current safeguards include role-based access, practice-scoped records, audit logs, TLS, controlled production access, database security, file storage controls, backups, and operational monitoring. Safeguards may evolve as the platform changes.

5. Security incidents

Where iKambi Health has reasonable grounds to believe that practice-controlled personal information has been accessed or acquired by an unauthorised person, iKambi Health will notify the affected practice as soon as reasonably possible after becoming aware of the incident and will provide information reasonably available to assist the practice with its POPIA obligations.

The practice remains responsible for notifications to the Information Regulator and affected data subjects where POPIA requires those notifications, unless otherwise agreed or required by law.

6. Sub-operators and service providers

iKambi Health may use service providers for hosting, database, storage, email delivery, payment processing, security, monitoring, and support. iKambi Health will take reasonable steps to ensure such providers are bound by appropriate confidentiality and security obligations for the services they provide.

7. Assistance and return or deletion

iKambi Health will provide reasonable assistance to practices for access, correction, export, deletion, audit, and data subject requests using available platform features and support processes.

On termination, iKambi Health may retain information for a reasonable period as needed for backup, legal, accounting, security, dispute, and continuity purposes, after which it will delete or de-identify information according to its retention processes and legal obligations.

8. Contact

POPIA operator questions, security concerns, or data protection requests can be sent to hello@ikambihealth.com.