GMed: Privacy & Security Framework

Last Update: 27/01/2026

1. Introduction & Purpose

This Privacy and Security Framework describes the measures implemented by Gobycon Med (“GMed”, “we”, “us”) to safeguard the confidentiality, integrity, and availability of data processed through our electronic medical record services.

This framework is designed to ensure compliance with applicable data protection and privacy legislation, including the Protection of Personal Information Act, 2013 (POPIA) and the General Data Protection Regulation (GDPR).

Our core operating principle is Anonymized Custodianship:
we act as custodians of medical data, not custodians of personal identity.

2. The Principle of Anonymized Custodianship

GMed operates an intentionally privacy-preserving architecture. We do not collect or store personal identifiers within the EMR environment. As a result, health data stored within the system cannot be directly linked to an identifiable individual by our systems.

This design materially reduces the risk of re-identification, unauthorised disclosure, and downstream privacy harm.

Personal Identifiers Not Collected Within the EMR Environment

The following data elements are not collected, stored, or processed within the EMR vault:

Full Name
National Identity Number or Passport number
Physical or Residential Address
Phone Number
Email Address
Employment Information (occupational health services)

3. Categories of Data Processed and Legal Bases

We process three distinct categories of data, each under a separate legal basis and system boundary.

A. Health Data
- Legal Basis: Explicit consent and Public Interest in Public Health (GDPR Article 9; POPIA section 32)
- What: Medical histories, diagnostic results, clinical notes, occupational health assessments and health-related content uploaded/provided by the user.
- How: Health data is stored in a secure, encrypted, access-controlled digital vault. Access is granted exclusively through a randomized Membership ID. The vault contains no personal identifiers and is logically isolated from billing and operational systems.
B. Minimal Billing Information
- Legal Basis: Contractual necessity and legal obligation
- What: A contact email address and payment-related information required to process subscriptions and comply with financial and tax obligations.
- How: Billing information is processed and stored within a separate, billing environment, isolated from health data systems. Personal billing details are never written to, linked with, or queryable from the EMR vault or Membership ID database.
C. Membership ID & Service Linkage Data
- Legal Basis: Legitimate interest and operational necessity
- What: A randomized, system-generated Membership ID used to authenticate access and manage account status.
- How: The Membership ID is stored in a restricted operational database used to authenticate your access to the health vault and to manage your account status. It is pseudonymised and not linked to your billing information or health data in directly queryable way.

4. Technology Partners & Processor Compliance

GMed engages third-party service providers strictly as data processors. Where applicable, each processor is subject to:

a written data processing agreement,
confidentiality obligations,
security and breach notification requirements,
restrictions on sub-processing,
obligations to process data only on our documented instructions.

Where applicable, international data transfers are safeguarded through legally recognised transfer mechanisms, including standard contractual safeguards.

5. Data Sharing Protocol

GMed does not initiate data sharing autonomously.

User-Initiated, Admin-Executed Sharing:
- Data sharing occurs only at the explicit request of the user.
- The user specifies the folder and the recipient.
Access Link Creation & Dispatch:
- A time-limited, password-protected access link is generated for the specified folder only.
- The link is securely transmitted to the recipient on the user’s behalf using encrypted communication channels
Limited Scope of Access:
- Recipients may access only the designated folder.
- They cannot view other folders, metadata, account structures, or the Membership ID.
No Auditing of Content: GMed facilitates secure transmission but does not monitor, review, or audit the clinical content being shared.

6. Data Security Measures

GMed implements layered technical and organisational safeguards, including:

Encryption: Data is encrypted in transit (using TLS 1.2+ protocols) and at rest (using AES-256 encryption) within the third-party server environment;
Strict access Controls based on the Principle of Least Privilege for staff access;
Multi-factor authentication (2FA) for administrative access;
System Isolation between health data, billing data, and operational identifiers;
Mandatory data protection training for all personnel.

7. Data Breach Response

GMed maintains a documented incident response procedure.

In the event of a suspected or confirmed data breach, our response protocol include:

Investigation and containment of the incident without undue delay;
Risk assessment of data subjects;
Notification to the relevant supervisory authority where required by law;
Corrective and preventative measures.

Due to the anonymised nature of stored health data, the risk of identity-based harm is significantly reduced, but incidents are nevertheless treated with the highest level of seriousness.

8. Data Retention & Erasure

Health Data:
- Health data is retained in accordance with HPCSA guidelines, Statutory retention period and GDPR storage limitation principles and the user’s selected membership plan.
- Upon plan expiry or at the end of the post-mortem retention period, data is retained at least six years after they become dormant and until the 21st birthday for minors, thereafter permanently and irreversibly deleted.
Billing Information:
- Billing records are retained only for the period required by applicable financial and tax legislation, after which they are securely deleted.
User Rights:
- Users may exercise data subject rights in accordance with GDPR and POPIA.
  - Access your personal data
  - Rectification of inaccuracies
  - Erasure (where legally permissible)
  - Restriction or objection to processing
  - Data portability
  - Lodge complaints with the Information Regulator or EU supervisory authority
- Requests relating to health data are authenticated using the Membership ID and access credentials.
- Requests relating to billing or payment data may require additional verification and coordination with relevant processors.

9. User Responsibilities

Users are responsible for:
- Safeguarding their Membership ID and access credentials;
- Ensuring the accuracy of recipient details when requesting data sharing;
- Ensuring they have the legal authority to upload any health data submitted to the service.

10. Cookies and Tracking

GMed may use cookies for functionality, analytics, and security. Cookie preferences may be managed through browser settings.

11. Policy Review

GMed may update this Privacy Policy periodically and whenever there is:

a material change in processing activities,
a significant security incident,
or a change in applicable law or regulatory guidance.

Continued use of the Services constitutes acceptance of revisions.

You further acknowledge that you have read and understood that this document forms part of a single, integrated contractual framework, as incorporated by reference into one another, and are subject to the document hierarchy set out in the GMed Terms and Conditions. If you do not agree, you must discontinue use of GMed services immediately.

For questions about this framework, please contact:
GMed EMR Support
Email: info@gobyconmed.com

WhatsApp/Phone number: +27 76 469 5837