Radiological Society of South Africa Radiological Society of South Africa RSSA

Privacy Policy

Please read this Privacy Policy carefully to understand the policies and practices of the Radiological
Society of South Africa (RSSA) regarding your information and how it will be treated. Every term of
this Policy is material. If you do not agree with the RSSA’s policies and practices, your choice is not
to use its services or the website.


The RSSA is a voluntary membership association and is the voice of the radiology profession in South

The RSSA’s contact details are as follows:

Address: 202a, Block B, Tokai Village Centre, Vans Road, Tokai
Tel.: 084 293 9789


The contact details of the RSSA’s Information Officer are as follows:

Name: Dr Richard Tuft
Tel.: 084 293 9789


3.1 “Member” refers to a person who has been admitted as a member of the RSSA in terms of the
RSSA’s Constitution and “membership” has a corresponding meaning.

3.2 “Officer” refers to a member of the Board or any Committee of the RSSA.

3.3 “Personal information” has the meaning ascribed to it in POPIA, and refers to information

relating to identifiable, living, natural persons as well as identifiable, existing juristic persons, and
includes, but is not limited to -

(a) information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or
social origin, colour, sexual orientation, age, physical or mental health, well-being, disability,
religion, conscience, belief, culture, language and birth of the person; (b) information relating to the education or the medical, financial, criminal or employment history
of the person; (c) any identifying number, symbol, e-mail address, physical address, telephone number, location
information, online identifier or other particular assignment to the person; (d) the biometric information of the person; (e) the personal opinions, views or preferences of the person; (f) correspondence sent by the person that is implicitly or explicitly of a private or confidential
nature or further correspondence that would reveal the contents of the original
correspondence; (g) the views or opinions of another individual about the person; and (h) the name of the person if it appears with other personal information relating to the person or
if the disclosure of the name itself would reveal information about the person,
and “information” has a similar meaning unless the context requires otherwise.

3.4 “Processing” has the meaning ascribed to it in POPIA, and refers to any operation or activity or
any set of operations, whether or not by automatic means, concerning personal information,
including -

(a) the collection, receipt, recording, organisation, collation, storage, updating or modification,
retrieval, alteration, consultation or use; (b) dissemination by means of transmission, distribution or making available in any other form;
or (c) merging, linking, as well as restriction, degradation, erasure or destruction of information.

3.5 “POPIA” means the Protection of Personal Information Act (Act 4 of 2013).

3.6 “RSSA” means the Radiological Society of South Africa.


3.7 “You” / “your” refers to the data subject (i.e. the person or entity) whose personal information
is in the possession of or under the control of or processed by the RSSA.


This Privacy Policy applies to personal information that the RSSA has in its possession or under its
control, or information that it collects from you or that you may provide to it (for example, when you
use the RSSA’s membership services or register on and/or submit information via the RSSA’s website),
and the RSSA’s practices for processing, which includes collecting, using, storing, linking and
disseminating, that information. This Policy also applies to other persons or entities that may process
personal information on behalf of the RSSA.


The RSSA understands that your personal information is important to you and that you may be anxious
about disclosing it. Your privacy and the security of your information are just as important to the RSSA
and it therefore wants to make sure you understand how your information will be processed.

The RSSA acknowledges that it is bound by applicable law to keep your personal information
confidential and to protect such information. It is committed to conducting its business in accordance
with the relevant legal requirements in order to ensure that the confidentiality of your personal
information is protected and maintained. The RSSA takes this commitment to look after your personal
information seriously. It has implemented a number of processes to make sure it is used in the right
way. This Privacy Policy stipulates amongst others how the RSSA collects your personal information,
the type of information collected, why that information is collected, the circumstances under which
that information will be shared with others, the security measures that the RSSA has implemented to
protect your personal information and your right to obtain access to and correct the information in its
possession or under its control.


The RSSA applies the following principles in order to protect your privacy:

• No more personal information about you than what is necessary is collected;

• Your personal information is only used for the purposes specified in this Privacy Policy, unless you
agree otherwise; • Your personal information is not kept by the RSSA if it is no longer needed; and • Other than as specified in this Privacy Policy, the RSSA does not share your personal information
with third parties.



You must make sure that if you provide personal information about someone else to the RSSA,
including of a radiology practice, you have their consent and they are comfortable for you to share
their personal information with the RSSA. You should make sure that they read this Privacy Policy and
understand how the RSSA will use and disclose their information. When you provide information
about someone else, the RSSA will assume that you have their consent.


The RSSA obtains personal information directly from you when you become a member, when you log
onto the RSSA’s website, when you provide personal information to the RSSA, when a complaint is
lodged against you or when a regulator or another entity or person provides the RSSA with information
about you. The information that the RSSA requests from you is necessary to provide you with
membership and other services and to fulfil the objects of the RSSA as set out in its Constitution.


There are various laws that permit the processing of your personal information such as POPIA. The
RSSA will only process, which includes collect, use or disclose, your personal information in accordance
with the law or otherwise with your consent and will always strive to keep your information
confidential, whether you supply it directly the RSSA or whether it is collected lawfully from other

The RSSA generally processes the following personal information, as may be applicable, and retain it
as part of its records:

• Names, identity numbers, dates of birth, age, contact details, addresses, Health Professions Council of South Africa’s (HPCSA [MP]) number or professional registration number in another
country, practice details, academic institution details, role in practice, frequency of role in
practice, practice associations, active location (province where conducting business), nationality,
gender, race (voluntary for members), disability, qualifications, fellowships, SAMA membership,
specialisation and interests, RSSA subgroup memberships, hobbies or leisure interests and/or
photos of members, officers, employees, contractors and consultants of the RSSA and participants
at RSSA events; • Names, titles and contact details of relevant persons at radiological practices and academic
institutions (such as partners, directors, practice managers and academic heads of department),
stakeholders (including funders), relevant government departments and regulators; • Practice-related information such as number and type of practitioners (e.g. fulltime/ part-time,
partners / professional assistants) and information technology (IT) vendor-related information,
including software packages used; • Signatures of official signatories of the RSSA; • Bank details and curriculum vitae of officers and employees of the RSSA; • Relevant medical information and employment-related information (such as sick certificates,
performance records, salary information, bank details, tax numbers, references, employment
history, etc.) of employees of the RSSA; • Billing details and payment history related to membership fees; • Black-Economic Empowerment (BEE) status of suppliers; • Records of engagements and correspondence with the RSSA; • Members’ opinions on matters relevant to RSSA’s business and services that it provides; and • Utilisation of the RSSA’s products and services, if relevant and appropriate.

Other personal information may be collected and processed, as may be necessary and applicable in
the circumstances.

You may object to the processing of your personal information, unless the RSSA may do so in terms of
the law, by using Form 1 published in terms of POPIA
( If
you exercise this right or you withdraw your consent and, if the circumstances make it reasonable for
the RSSA to do so, it may terminate your membership and/or relationship with you.


The RSSA processes your personal information for the following purposes:

• to provide you with relevant membership or other services; • to facilitate the provision of services by you to the RSSA; • to administer your membership and collect membership fees; • to communicate with you about relevant industry matters and the RSSA’s business, including
industry and RSSA events; • to engage with regulators, relevant public bodies and other stakeholders (e.g. funders, IT Vendors)
on behalf of RSSA members; • to communicate the RSSA’s services and events to you; • for historical, statistical and research purposes, whilst protecting your confidentiality; and • for any other lawful purpose related to the services that the RSSA provides.

The RSSA does not use your personal information for commercial purposes.


In order to provide members with membership services, the RSSA will share their relevant personal
information with -

• relevant funders, if necessary; • persons or entities (including relevant regulators), if the RSSA is obliged to do so in terms of the
law or its Constitution; • the RSSA’s professional advisers; • employees, officers, administrators and service providers (such as IT vendors) who assist the RSSA
to provide the services and who must perform functions related to the administration of the
RSSA’s business. These service providers may obtain access to your personal information on
occasion, but then only for the purpose of rendering services to the RSSA and only in terms of
written agreements requiring them to implement appropriate security measures, to maintain the
confidentiality of your information and to refrain from processing your information for any
purpose other than rendering services to the RSSA; • law enforcement structures and the courts; and

• as required or permitted by law or regulation, where the RSSA is under a duty to disclose or share
your personal information in order to comply with any legal obligation or to protect the rights,
property or safety of the RSSA’s business, employees, patients, the public or others.

The personal information of other persons will only be shared as permitted in terms of the law or as
otherwise agreed to with such a person.

The exact consequences of the abovementioned disclosures of the information are not known and
information related to these disclosures must be obtained from the person to whom the information
is disclosed.


The RSSA will retain records of your personal information for as long as it is necessary for lawful
purposes, including to fulfil your requests, provide services to you, comply with legal obligations,
resolve disputes and enforce agreements. The RSSA may also retain your personal information for
historical, statistical and research purposes, subject to the provisions of the law.


The RSSA processes and stores your information in records within the Republic South Africa (RSA) and
also in Dropbox and iCloud. These processes are under review to ensure compliance with POPIA. If the
RSSA must provide your personal information to any other third party in another country, it will obtain
your prior consent unless such information may be lawfully provided to that third party.


The RSSA is committed to ensuring the security of your personal information in order to protect it
from unauthorised processing and access as well as loss, damage or unauthorised destruction. It
continually reviews and updates its information protection measures to ensure the security, integrity,
and confidentiality of your information in accordance with industry best practices. The measures it
adopts to ensure the security of your personal information includes technical and organisational
measures and internal policies to prevent unauthorised access, loss or use of personal information.
Measures used include the physical securing of the offices where information is held; locking of
cabinets with physical records; password control to access electronic records and off-site data back ups. In addition, only those employees, officers and service providers that require access to your
information to discharge their functions relating to RSSA’s business and the services the RSSA provides
will be permitted access to your information and only if they have concluded agreements with /
provided undertakings to the RSSA requiring them to implement appropriate security measures and
to maintain the confidentiality of your information. The RSSA will inform you and the Information
Regulator, when the law allows it, if any person unlawfully obtains access to your Personal
Information, subject to the provisions of the law.


You have the right to access your personal information subject to restrictions imposed in legislation.
You may request access to your information in the possession of or under the control if the RSSA and
information of third parties to whom the RSSA supplied that information. If you wish to exercise this
right, please contact the RSSA’s Information Officer. The relevant form published in terms of the
Promotion of Access to Information Act (Act 2 of 2000) (PAIA) must be completed
( The costs specified in the
Regulations to PAIA apply to requests for access.


It is important that the RSSA always has accurate information about you on record as it could impact
on communication with you and the credibility of information shared with relevant persons in the
industry. You must therefore inform the RSSA as soon as any of your information has changed.

You may also request that the RSSA corrects or deletes any information. Such a request must be made
in writing by using Form 2 published in terms of POPIA
( to
the Information Officer and provide sufficient detail to identify the information and the correction or
deletion required. Information will only be corrected or deleted, if the RSSA agrees that the
information is incorrect or should be deleted. It may not be possible to delete all of the information if
there is a legal basis to retain the information. However, please contact the Information Officer to
discuss how the RSSA can assist you with your request. If the RSSA corrects any information and the
corrected information will impact on any decision made or to be made about you, the RSSA will send
the corrected information to persons to whom the information has been disclosed in the past if they
should be aware of the changed information.


If you have given the RSSA specific consent to do so, it may occasionally inform you, electronically or
otherwise, about supplementary products and services offered by the RSSA and relevant industry
bodies that may be useful or beneficial to you. You may at any time withdraw your consent and opt
out from receiving such information. You may not opt-out of membership-related communications,
which are not promotional in nature.



The RSSA reserves the right in its sole and absolute discretion, to revise or supplement this Privacy
Policy from time to time to reflect, amongst others, any changes in its business or the law. The RSSA
will publish the updated Privacy Policy on its website at It will also be available
at the RSSA’s offices. Any revised version of the Policy will be effective as of the date of posting on the
website, so you should always refer back to the website for the latest version of the Policy. It is your
responsibility to make sure you are satisfied with any changes before continuing to use the RSSA’s
services. If the RSSA makes a material change to this Policy, you will be notified by e-mail and/or
posting on the website that the RSSA’s privacy practices have changed and you will obtain a link to the
new Policy. In the event that the RSSA makes a material change to how it uses your personal
information, it will provide you with an opportunity to opt out of such new or different use. If you
have any questions concerning this Policy, please e-mail the RSSA at


All enquiries, requests or concerns regarding this Policy or relating to the processing of your personal
information should be addressed to the Information Officer. If you believe that the RSSA processes
your personal information contrary to this Privacy Policy or in contravention of the law, please contact
the Information Officer immediately. You may also lodge a complaint with the Information Regulator
(once POPIA has been implemented).


This Privacy Policy is governed by the laws of the RSA.