Phelang Bonolo Healthcare (“us”, “we”, or “our”) operates the website (the “Service”).

We will not use or share your information with anyone except as described in this Privacy Policy.

We use your Personal Information for providing and improving the Service. By using the Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, accessible at


Protection of Personal Information Act (often called the POPI Act or POPIA) Complience

The following terms shall apply to the using of this website:

For purposes of this website disclaimer:

“Botshilu” shall mean Botshilu Private Hospital Proprietary Limited (Registration Number: 2005/02296307) and Botshilu Hospital Pharmacy Proprietary Limited (Registration Number: 2014/131681/07), any direct or indirect subsidiaries of the companies within the meaning of section 3 of the Companies Act, any partnership, unincorporated joint venture, or trust in which the companies may have a direct or indirect interest.

By viewing this website, you hereby acknowledge that you expressly give Botshilu consent to collect, process and retain your personal information that identifies or relates specifically to you and/or to your company, for example, your name, age, gender, identity number and your email address which may be provided because of using the facility in accordance with the Protection of Personal Information Act, 4 of 2013 (“POPI”).

Botshilu shall take all reasonable measures to protect the personal information of data subjects and collects, retains, and uses the data subject’s information primarily to communicate requested information, to provide services to the the data subject as requested, to authenticate the data subject, to provide the data subject with access to restricted pages on this website, or to compile non-personal statistical information about browsing habits, click patterns and access to Botshilu’s website

The information we maintain concerning our clients is stored in databases that have built-in safeguards to ensure its privacy and confidentiality.

Botshilu accepts no liability whatsoever for any loss, damage (whether direct, indirect, special, or consequential) and/or expenses of any nature whatsoever which may arise because of, or which may be attributable directly or indirectly from information made available on these pages or links, or actions or transaction resulting therefrom.

Botshilu Private Hospital Proprietary Limited, its wholly owned subsidiary Botshilo Properties Proprietary Limited and Botshilu Hospital Pharmacy Proprietary Limited (jointly referred to as “Botshilu”), provide healthcare services and dispense medicine and related substances.  Botshilu is committed to sound business practices in compliance with relevant legislation, which, for purposes of this Protection of Personal Information Policy, includes the Protection of Personal Information Act, 4 of 2013 (“POPI”) read with the Constitution of the Republic of South Africa. 

  • “personal information” means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to information relating to: 
  • race, gender, sex, pregnancy, marital status, national, ethnic, or social origin, colour, sexual orientation, age, physicality or mental health, well-being, disability, religion, conscience, belief, culture, language, and birth of the person. 
  • education or the medical, financial, criminal or employment history of the person.
  • any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier, or other assignment to the person.
  • the biometric information of the person.
  • the personal opinions, views, or preferences of the person.
  • correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence.
  • the views or opinions of another individual about the person.
  • the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.
  • “processing” means any operation or activity or any set of operations, whether by automatic means, concerning personal information, including: 
  • the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation, or use. 
  • dissemination by means of transmission, distribution or making available in any other form.
  • merging, linking, as well as restriction, degradation, erasure, or destruction of information.


  • This policy will set out the way personal information of internal and external parties is collected, managed, stored, used, protected, and shared by Botshilu. This policy applies to all employees of Botshilu.
  • The objectives are to:
  • Process personal information lawfully in terms of legislation.
  • Provide a guideline as to the way Botshilu processes and protects personal information.
  • Adopt good practices in terms of processing of personal information.
  • Protect Botshilu from the consequences of breaching its responsibilities.
  • Display the commitment of Botshilu to uphold and respect information privacy. 


  • Botshilu may collect and process the following types of information: 
  • Company details, including registration number, contact details, VAT numbers, directors’ details. 
  • Next of kin details.
  • Medical aid details.
  • Name and surname.
  • Identity number.
  • Date of birth.
  • Medical History.
  • Medical conditions (prognosis, diagnosis, treatment, and medication).
  • Contact details, including email address, telephone numbers, address.
  • Credit reports.
  • Employment information.
  • Client payment reports.
  • Employee data, including salary, disciplinary records, banking details, medical information, account numbers, tax information.
  • Settlement letters/invoices from creditors or suppliers. 


Botshilu undertakes to comply with the conditions for the lawful processing of personal information:


Botshilu takes responsibility and remains accountable for personal information in its possession and will ensure that the conditions for lawful processing are complied with.

Processing limitation

  • Botshilu undertakes to process personal information:
  • In a reasonable manner that does not infringe the privacy of the data subject.
  • In a manner that is adequate, relevant, and not excessive.
  • Personal information will only be processed if:
  • The data subject or a competent person, where the data subject is a child, consents thereto.
  • Processing is necessary to conduct actions for the conclusion or performance of a contract to which the data subject is party.
  • Processing complies with an obligation imposed by law.
  • Processing protects a legitimate interest of the data subject.
  • Processing is necessary for the proper performance of a public law duty by a public body.
  • Processing is necessary for pursuing the legitimate interests of the responsible party or of a third party to whom the information is supplied.
  • Personal information will be collected directly from the data subject, unless:
  • The information is contained in or derived from a public record or has deliberately been made public by the data subject.
  • The data subject or a competent person, where the data subject is a child, has consented to the collection of the information from another source.
  • Collection of the information from another source would not prejudice a legitimate interest of the data subject.
  • Collection of the information from another source is necessary:
  • To avoid prejudice to the maintenance of the law by any public body.
  • To comply with an obligation imposed by law or to enforce legislation.
  • For the conduct of proceedings, in any court or tribunal, that have commenced or are reasonably contemplated.
  • In the interests of national security.
  • To maintain the legitimate interests of the responsible party or of a third party to whom the information is supplied.
  • Compliance would prejudice a lawful purpose of the collection.
  • Compliance is not reasonably practicable in the circumstances of the case.
  • Purpose specification
  • Botshilu will collect personal information for the following and related purposes:
  • Admission of patients.
  • Treatment of patients.
  • Confirmation of patient details.
  • Confirm patient benefits with medical aid.
  • Submit claims to medical aid on behalf of patients.
  • Contacting next of kin.
  • Delivering of Services.
  • Complying with contracts.
  • Confirmation of employment.
  • Debt collection, including tracing in the event of default on payment.
  • Invoice and Quoting purposes.
  • Compliance with legislation.
  • Vetting of employees.
  • Communication with clients and suppliers.
  • Once personal information, processed and stored by Botshilu, has reached its expiry date, or becomes in any way redundant, Botshilu will destroy or delete the record of personal information in a manner that prevents its reconstruction in an intelligible form. 

Further processing limitation 

Botshilu undertakes to conduct any further processing of personal information in accordance or compatible with the purpose for which it was collected originally. 

Information quality 

Botshilu will take reasonably practicable steps to ensure that the personal information is complete, accurate, not misleading and updated where necessary.

  • Openness 
  • Botshilu will maintain the documentation of all processing operations under its responsibility. 
  • If personal information is collected, Botshilu will take reasonably practicable steps to ensure that the data subject is aware of:
  • The information being collected or the source from which it is collected. 
  • The name and address of the responsible party.
  • The purpose for which the information is being collected.
  • Whether or not the supply of the information by that data subject is voluntary or mandatory.
  • The consequences of failure to provide the information.
  • Any law authorising or requiring the collection of the information.
  • The fact that, where applicable, the responsible party intends to transfer the information to a third country or international organisation and the level of protection afforded to the information by that third country or international organisation.
  • Any further relevant information.

Security safeguards 

  • Botshilu undertakes to secure the integrity and confidentiality of personal information in its possession or under its control. This is done by taking appropriate, reasonable technical and organisational measures to prevent loss of damage to or unauthorised destruction of personal information and unlawful access to or processing of personal information.
  • Where there are reasonable grounds to believe that the personal information of a data subject has been accessed or acquired by any unauthorised person, Botshilu will notify, as soon as reasonably possible after the discovery of the compromise:
  • The Regulator. 
  • The data subject unless the identity of such data subject cannot be established. 
  • Botshilu has put in place the following adequate safeguards to secure the integrity and confidentiality of personal information:
  • Physical access security to the building.
  • Controlled access to the room in which physical documents are stored.
  • Physical security to building 24 hours a day.
  • Password protection on all computer logins.
  • Anti-virus on all computers.
  • Data subject participation

If you have any questions or concerns regarding this Privacy Policy, your personal information held, correction or deletion of personal information or updating personal information, you should contact us on



Botshilu shall ensure to have an Information Officer appointed who shall be registered with the Information Regulator and who shall be responsible to:

  • encourage compliance, by Botshilu, with the conditions for the lawful processing of personal information.
  • deal with requests made to Botshilu pursuant to POPI.
  • interact with the Information Regulator in relation to investigations conducted pursuant to POPI in relation to Botshilu.
  • ensure compliance by Botshilu with the provisions of POPI.


Botshilu collects personal information in the following manners:

  • Voluntary disclosure via multiple sources, including but not limited to admission forms.
  • Medical Aid Funds.
  • Website forms.
  • Medical Practitioners from other healthcare facilities.
  • Other hospitals.
  • Supplier applications

Information Collection And Use

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you.

Log Data

We collect information that your browser sends whenever you visit our Service (“Log Data”). This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages and other statistics.



Cookies are files with small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer’s hard drive.

We use “cookies” to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.


Service Providers

We may employ third party companies and individuals to facilitate our Service, to provide the Service on our behalf, to perform Service-related services or to assist us in analysing how our Service is used.

These third parties have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.



The security of your Personal Information is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.


Links To Other Sites

Our Service may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over, and assume no responsibility for the content, privacy policies or practices of any third party sites or services.


Children’s Privacy

Our Service does not address anyone under the age of 13 (“Children”).

We do not knowingly collect personally identifiable information from children under 13. If you are a parent or guardian and you are aware that your Children has provided us with Personal Information, please contact us. If we discover that a Children under 13 has provided us with Personal Information, we will delete such information from our servers immediately.


Changes To This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.


Contact Us

If you have any questions about this Privacy Policy, please contact us.