Privacy Policy
Last updated: 14 July 2026
1. Who we are
This website (optivohealth.com) is operated by Optivo Health Solutions (Pty) Ltd (“Optivo”, “we”, “us”), a company registered in South Africa (registration number 2025/902432/07).
Optivo provides a workflow-first digital health record platform for optometry practices. This policy explains how we handle personal information collected through this website, in line with the Protection of Personal Information Act, 2013 (POPIA). We are the responsible party for the personal information described in this policy.
2. Our Information Officer
Our registered Information Officer is Heinrich Wobbe. If you have any question about this policy or how we handle your personal information, contact us by email at admin@optivohealth.com.
3. What personal information we collect
a. When you submit our practice sign-up form. To register your interest in the Optivo beta and prepare your onboarding, we collect information you provide, which may include:
- Practice details — practice name, legal entity name and type, registration number, practice number (BHF/PCNS), VAT number, physical and postal address, practice phone and email, and your current record-keeping system.
- The owner or authorised signatory — full name, role, email address and cell/WhatsApp number.
We do not collect banking or debit-order details through this website. Those are collected separately on the signed beta agreement.
b. When you contact us. If you email us or otherwise get in touch, we keep your contact details and the content of your message so we can respond and follow up.
c. Automatically, when you visit the site. Like most websites, our web server may log limited technical information — such as your IP address, browser type and the pages you view — to keep the site secure and working. Our pages also load fonts from Google Fonts, which means Google receives your IP address when a page loads. We do not run advertising or analytics tracking on the site. See section 8.
4. Why we collect it, and our lawful basis
We process this information to:
- respond to your enquiry and register your interest in the beta;
- prepare and carry out your practice’s onboarding and set up your account;
- communicate with you about the service, scheduling and support;
- carry out our contract with your practice, or take steps at your request before entering into it; and
- meet our legal and regulatory obligations.
Our lawful bases under POPIA (section 11) are: your consent; the conclusion or performance of a contract to which you are a party (or steps taken at your request before contracting); compliance with a legal obligation; and our legitimate interests in operating and growing the service, balanced against your rights. Providing the sign-up information is voluntary, but without it we cannot register your practice or set up onboarding.
5. Who we share it with
We do not sell your personal information. We share it only with:
- Service providers (operators) who process information on our behalf, under written contracts requiring them to keep it secure and use it only on our instructions — including our website hosting provider, our cloud hosting and database provider, and our email and communications tools.
- Our development team, bound by confidentiality and IP obligations, to build and support the platform.
- Authorities or third parties where the law requires it, or to establish, exercise or defend legal claims.
6. Storage and cross-border transfer
Our platform data is hosted with a reputable cloud provider on infrastructure located in the European Union (Ireland). Some supporting tools (for example logging and messaging services) may process limited technical data on servers outside South Africa, including in the European Union and the United States.
Where personal information is transferred outside South Africa, we do so in line with section 72 of POPIA — relying on the recipient being subject to laws or binding agreements that provide an adequate, comparable level of protection, and on contractual safeguards with our providers. Information is encrypted in transit (TLS) and at rest (AES-256).
7. How long we keep it
We keep your personal information only for as long as needed for the purposes above — while we are in contact about the beta and for the duration of any resulting relationship with your practice — and thereafter for as long as the law requires or as needed to resolve disputes and enforce our agreements. When it is no longer needed, we securely delete or de-identify it.
8. Cookies and analytics
Our website does not use advertising cookies, analytics, or third-party tracking, and we do not track you across other websites. Our hosting may set a strictly necessary cookie to keep the site working and secure; the site does not otherwise store cookies on your device. Our pages load fonts from Google Fonts, so Google receives your IP address when the fonts load — this does not place tracking cookies on your device. You can control or delete cookies through your browser settings. If we add website analytics in future, we will update this policy to name the tool and describe what it collects.
9. Your rights
Under POPIA you have the right to:
- ask what personal information we hold about you and request access to it;
- ask us to correct or delete information that is inaccurate, irrelevant, excessive, out of date or unlawfully obtained;
- object, on reasonable grounds, to our processing of your information;
- withdraw any consent you have given (this will not affect processing already carried out); and
- lodge a complaint with the Information Regulator.
To exercise any of these rights, contact our Information Officer at admin@optivohealth.com. We may need to verify your identity before acting on a request.
10. Complaints to the Regulator
If you believe we have not handled your personal information lawfully, you may complain to:
The Information Regulator (South Africa)
Email: enquiries@inforegulator.org.za / POPIAComplaints@inforegulator.org.za
Telephone: +27 (0)10 023 5200
Website: inforegulator.org.za
We’d appreciate the chance to address your concern first — please contact us before, or alongside, approaching the Regulator.
11. Patient records in the Optivo application
This policy covers only the information collected through this website. Patient clinical records processed inside the Optivo application are handled by Optivo as an operator on behalf of each practice, and are governed by the agreement between Optivo and that practice — not by this policy.
12. Security
We take reasonable technical and organisational measures to protect personal information against loss, unauthorised access and misuse — including encryption in transit and at rest, access controls, and a documented data-breach response procedure. No system is perfectly secure, but we work to protect your information and to respond promptly if something goes wrong.
13. Changes to this policy
We may update this policy from time to time. The “last updated” date at the top shows when it last changed. Material changes will be posted on this page.