Zita Occupational Privacy Policy
Zita Occupational Health Privacy Policy
Effective Date: 25 May 2026
Last Updated: 25 May 2026
1. Introduction
Zita Occupational Health (“Zita”, “we”, “our”, or “us”) is committed to protecting the privacy, confidentiality, and security of personal information in accordance with the Protection of Personal Information Act 4 of 2013 (“POPIA”), the Occupational Health and Safety Act 85 of 1993, applicable occupational health and medical surveillance regulations, and applicable Google Play and Apple App Store privacy requirements.
2. Scope of This Privacy Policy
This Privacy Policy applies to Zita Occupational Health websites, Zita Connect mobile and web applications, occupational health systems, employee medical surveillance programs, fitness-for-work assessments, digital reporting systems, and related services provided by Zita Occupational Health.
3. Information We Collect
Depending on the services provided, we may collect and process the following categories of information:
3.1 Personal and Employment Information
- Full name and surname
- Identity number, passport number, or employee number
- Date of birth and gender
- Contact details
- Employer, department, occupation, and job title
- Company medical surveillance or occupational health records
3.2 Occupational Health and Medical Information
- Medical questionnaires and declarations
- Fitness-for-work assessments and certificates
- Occupational medical examination results
- Audiometry, spirometry, vision screening, and other screening results
- Laboratory, radiology, specialist, or referral reports where applicable
- Injury-on-duty, return-to-work, incapacity, or occupational disease information
- Exposure history and workplace health risk information
3.3 Technical and App Usage Information
- Device information
- IP address and browser information
- Application logs and crash reports
- Authentication records
- Usage analytics used to improve system performance and security
4. Why We Collect Information
We collect and process personal information for the following purposes:
- To provide occupational health services
- To conduct employee medical surveillance
- To issue medical fitness certificates
- To assist employers with occupational health and safety compliance
- To manage return-to-work, injury-on-duty, and incapacity assessments
- To maintain legally required occupational health records
- To communicate with employees, employers, and authorised healthcare providers
- To improve, secure, and maintain our digital platforms
5. Legal Basis for Processing
We process personal information where it is necessary for occupational health services, employee consent, employer occupational health and safety obligations, contractual service level agreements, medical surveillance requirements, legal compliance, and legitimate occupational health purposes.
Employees are generally required to sign POPIA consent or acknowledgement documentation when registering with their employer. Employers may also include annexures, workplace policies, or occupational health and safety procedures confirming that relevant employee information may be shared with Zita Occupational Health for occupational health, medical surveillance, and safety-related services.
6. Employer and Company Relationship
In many cases, the employer is the primary responsible party for employee occupational health processing, and Zita Occupational Health acts as an authorised occupational health service provider and operator. Employers may provide employee information to Zita Occupational Health as part of their legal and workplace health and safety obligations.
7. Cloud Hosting and Firebase
Zita Occupational Health uses secure cloud-based technology, including Firebase and Google Cloud services, to store, process, and manage certain personal and occupational health information.
Information may be stored on secure cloud infrastructure and may be processed in jurisdictions outside South Africa where cloud services require this. Where cross-border processing occurs, Zita Occupational Health takes reasonable steps to ensure that appropriate safeguards are in place in accordance with POPIA.
8. Sharing of Information
We do not sell personal information. We only share information where it is lawful, necessary, and relevant to the provision of occupational health services.
Information may be shared with:
- The employee’s employer, where legally and contractually appropriate
- Occupational medical practitioners and authorised healthcare professionals
- Laboratories, radiology providers, specialists, or referral providers where required
- Cloud hosting and technology service providers
- Regulatory authorities, legal representatives, or public bodies where required by law
9. Data Security
We use reasonable technical and organisational safeguards to protect personal information against loss, misuse, unauthorised access, disclosure, alteration, or destruction.
These safeguards may include:
- Secure cloud infrastructure
- Encrypted data transmission
- User authentication controls
- Role-based access controls
- Restricted access to medical information
- Audit logs and system monitoring
- Secure database and storage rules
10. Data Retention
Zita Occupational Health retains personal information only for as long as reasonably necessary for the purpose for which it was collected, or for as long as required by law, occupational health regulations, contractual obligations, or medico-legal requirements.
10.1 Active Service Level Agreements
Employee data is generally retained while the employee’s company or employer has an active service level agreement or occupational health relationship with Zita Occupational Health.
10.2 When a Company Leaves Zita Occupational Health
Once a company no longer works with Zita Occupational Health, we review the relevant employee records. Personal information that is no longer required for lawful, medical, occupational health, or regulatory reasons is securely deleted, permanently removed, or anonymised where appropriate.
10.3 Legal Retention of Medical and Occupational Health Records
Certain occupational health and medical surveillance records may need to be retained after a company relationship ends. This is done where required by South African law, including the Occupational Health and Safety Act 85 of 1993 and applicable regulations relating to occupational medical surveillance, hazardous exposures, asbestos, hazardous chemical agents, and other workplace health risks.
Depending on the type of exposure or medical surveillance involved, certain records may be required to be retained for extended periods, including periods of up to 40 years in specific regulated occupational health contexts. These records are retained only where legally required or where necessary for lawful medico-legal, occupational health, or regulatory purposes.
11. Deletion Requests
Users may request deletion of their personal information by contacting Zita Occupational Health. Where the information is not legally required to be retained, we will take reasonable steps to delete or anonymise it.
Where occupational health legislation, medical surveillance requirements, or medico-legal obligations require continued retention, we may be unable to delete certain records immediately. In such cases, the records will remain securely stored and will only be used for lawful purposes.
12. User Rights
Subject to applicable law, users may have the right to:
- Request access to their personal information
- Request correction of inaccurate or outdated information
- Request deletion where legally permissible
- Object to certain processing activities
- Withdraw consent where processing is based on consent
- Lodge a complaint with the Information Regulator of South Africa
Requests may be submitted to info@zitaoh.co.za.
13. Cookies and Analytics
Our website and digital platforms may use cookies, analytics tools, and similar technologies to improve functionality, monitor performance, maintain security, and understand how users interact with our services.
Users may disable cookies through their browser settings, although some website or application features may not function correctly if cookies are disabled.
14. Children’s Privacy
Our services are intended primarily for workplace occupational health purposes and are not directed at children. We do not knowingly collect children’s personal information unless it is medically necessary, legally authorised, and processed with appropriate consent or authority.
15. Third-Party Service Providers
We may use trusted third-party service providers to support our services, including cloud hosting, authentication, communication, analytics, and system maintenance providers. These providers are only authorised to process information where necessary to provide services to Zita Occupational Health and must protect the information in accordance with applicable law.
16. Marketing Communications
We do not use occupational health medical information for unrelated marketing purposes. Where we send service updates or communications, users may opt out where legally and practically applicable.
17. Changes to This Privacy Policy
Zita Occupational Health may update this Privacy Policy from time to time. Updated versions will be published on our website or within our digital platforms. The updated version will apply from the date shown at the top of the policy.
18. Contact Information
For privacy queries, access requests, correction requests, deletion requests, or POPIA-related enquiries, please contact:
Zita Occupational Health
87 Dunswart Avenue
Dunswart, Boksburg
South Africa
Email:
info@zitaoh.co.za
Telephone:
010 493 3546