PAMOJA AFRICA PRIVACY POLICY

1. Introduction

Pamoja Africa ("we," "us," or "our") is committed to protecting the privacy and security of our users' personal and medical information. This policy describes how we collect, use, and safeguard your data through our website, NFC Medical Profile Cards, and mobile application in strict accordance with the Protection of Personal Information Act (POPIA) of South Africa.

2. Information We Collect

To provide our specialized healthcare financing and emergency data services, we collect:

• Personal Identification: Name, ID/Passport number, date of birth, and contact details.
• Medical Information (Sensitive Data): Blood type, allergies, chronic conditions, and clinical records uploaded to your Medical Archive.
• Financial Information: Transaction history related to prepaid vouchers and crowdfunding contributions.
• Agent Data: Banking details for commission payouts and performance metrics.

3. Legal Basis for Processing

In accordance with POPIA and GDPR, we process your data based on:

• Consent: You explicitly agree to store your medical data in our secure cloud and on the NFC card.
• Contractual Necessity: We need your data to manage your health vouchers and crowdfunding campaigns.
• Vital Interests: Processing medical data is critical for emergency first responders to save lives.

4. Data Sharing and Disclosure

We do not sell your personal data. We only share information with:

• Registered Healthcare Partners: To verify and redeem your prepaid vouchers.
• Emergency Services: First responders who scan your NFC Medical Profile Card.
• Payment Gateways: To process secure transactions via certified third-party providers.

5. International Data Transfers

Your information is stored on secure Google Cloud servers located outside the Republic of South Africa (primarily in European or North American data centers). We ensure that any international transfer complies with POPIA Section 72, ensuring the recipient jurisdiction has adequate data protection laws or that we have entered into binding agreements to protect your data.

6. Your Rights (POPIA & GDPR)

Under South African and International law, you have the right to:

• Access: Request a copy of the personal data we hold.
• Correction: Update or correct inaccurate information.
• Deletion (Right to be Forgotten): You may request the permanent deletion of your account and all associated medical data via your Account Settings. Note that certain financial records must be retained for 7 years as per SARS regulations.
• Objection: Object to your data being used for direct marketing.

7. Data Retention

• Medical Data: Retained as long as your account is active.
• Financial Records: Retained for 7 years as required by South African financial regulations.

8. Security Measures

We implement industry-standard technical measures, including AES-256 encryption at rest and TLS encryption in transit. Our architecture ensures that sensitive medical documents are isolated and only accessible to you or authorized personnel during an emergency scan.

9. Contact Our Information Officer

If you have questions regarding this policy or wish to exercise your rights, please contact our designated Information Officer: