PAMOJA AFRICA PRIVACY POLICY

Introduction

Pamoja Africa ("we," "us," or "our") is committed to protecting the privacy and security of our users' personal and medical information. This policy describes how we collect, use, and safeguard your data through our website, NFC Medical Profile Cards, and mobile application.

Information We Collect

To provide our specialized healthcare financing and emergency data services, we collect:

• Personal Identification: Name, ID/Passport number, date of birth, and contact details.
• Medical Information (Sensitive Data): Blood type, allergies, chronic conditions, and emergency contact details (stored for the Medical Profile Card).
• Financial Information: Transaction history related to prepaid vouchers and crowdfunding contributions.
• Agent Data: For our referral partners, we collect banking details for commission payouts and performance metrics.

Legal Basis for Processing

In accordance with POPIA and GDPR, we process your data based on:

• Consent: You explicitly agree to store your medical data on the NFC card.
• Contractual Necessity: We need your data to manage your health vouchers and crowdfunding campaigns.
• Vital Interests: Processing medical data is critical for emergency first responders to save lives.

Data Sharing and Disclosure

We do not sell your personal data. We only share information with:

• Registered Healthcare Partners: To verify and redeem your prepaid vouchers.
• Emergency Services: First responders who scan your NFC Medical Profile Card.
• Payment Gateways: To process secure transactions.
• Law Enforcement: Only when legally mandated under South African law.

The NFC Medical Card Security

The Pamoja Africa NFC card does not store "plain text" medical data.

• Encryption: All data is encrypted using AES-256 standards.
• Access Control: Accessing sensitive medical files via the QR or NFC chip requires the scanner to be a verified user or requires a one-time authorization on your linked device.

Your Rights (POPIA & GDPR)

Under South African and International law, you have the right to:

• Access: Request a copy of the personal data we hold.
• Correction: Update or correct inaccurate information.
• Deletion (Right to be Forgotten): Request that we delete your data (subject to financial record-keeping laws).
• Objection: Object to your data being used for direct marketing.

Data Retention

• Medical Data: Retained as long as your account is active.
• Financial Records: Retained for 7 years as required by the South African Revenue Service (SARS) and financial regulations.

International Data Transfers

If we expand beyond South Africa, your data may be processed in other jurisdictions. We ensure that any international transfer complies with POPIA Section 72, ensuring the recipient country has adequate data protection laws.

Security Measures

We implement industry-standard technical and organizational measures, including firewalls, data encryption, and regular security audits of our 4 regional hubs in Johannesburg, Cape Town, Durban, and Port Elizabeth.

Contact Our Information Officer

If you have questions regarding this policy or wish to exercise your rights, please contact: