1.1. Fundamedical Management (Pty) Ltd t/a FundaMedical (“the Service Provider”) is committed to safeguarding the privacy of all Data Subjects that the Medical Legal Experts render Medical Legal Services to. This Privacy Notice and Policy, as amended from time to time (“the Policy”), outlines how the Personal Information of a Data Subject will be treated in the course and scope of Medical Legal Services being rendered through, inter alia, FundaFree.

1.2. The Policy has been prepared in accordance with the relevant provisions of the Protection of Personal Information Act 4 of 2013 (“POPI”). In adopting the Policy, the Service Provider wishes to balance its legitimate business interests and the Data Subject’s reasonable expectation of privacy. In consequence, the Service Provider will take the appropriate and reasonable technical and organizational steps to prevent unauthorized access to or disclosure of the Data Subjects’ personal information as defined within POPI.

1.3. The following definitions outlined hereunder, shall have the following meanings:

1.3.1. “Data Subjects” shall mean the Service Provider, the Medical Legal Experts, the Patient, the Instructing Attorney and/or other Entity (“the Parties”) as well as the Parties’ respective staff, authorized representatives and/or independent contractors (where applicable).

1.3.2. “Entity” shall mean any legally recognized entity or person, that is not either the Service Provider, the Medical Legal Expert, the Patient or the Instructing Attorney.

1.3.3. “External Service Provider” shall mean

1.3.4. “FundaFree” shall mean the FundaFree platform that is used by the Service Provider.

1.3.5. “Instructing Attorney” shall mean (i) the duly authorized and admitted attorney practicing for his/her own account, (ii) admitted attorneys operating in partnership with one another or (iii) registered firm of attorneys, who act on behalf of the Patients or other Entities.

1.3.6. “Medical Legal Experts” shall mean the professionally registered person or Entity rendering Medical Legal Services within his/her/its chosen field of expertise. Examples of fields of expertise include but are not limited to orthopedic surgery, occupational therapy, physiotherapy, speech and language therapy, neurology, psychology (inclusive of clinical neuropsychology), industrial psychology and/or actuarial services.

1.3.7. “Medical Legal Services” shall mean the expert services that the Medical Legal Experts provide to the Instructing Attorney, the Patient and/ or other Entity, which is inclusive of but not limited to (i) the compilation of medical legal reports inclusive of addendums, (ii) the compilation of joint minutes and (iii) providing expert testimony in respect of the aforesaid.

1.3.8. “Patient” shall mean the plaintiff in the legal proceedings being pursued where expert evidence is needed in relation to the nature, extent and permanent effects of a damage causing incident.

1.3.9. “Personal Information” shall mean information in relation to the Data Subjects, including but not limited to: – views or opinions of another individual about the Data Subjects; corporate structure, composition and business operations, irrespective whether such information is in the public domain or not; correspondence that is implicitly or expressly of a personal, private or confidential nature (or further correspondence that would reveal the contents of the original correspondence); race, sex, gender, pregnancy status, marital status, nationality, ethnic or social origin, colour, age, physical or mental health, well-being, disability, religion, conscience, belief, cultural affiliation, language and birth; education, medical, financial, criminal or employment history; names, indemnity number and/or any other personal identifier, including any number(s), which may uniquely identify Data Subjects; and Special Personal Information.

1.3.10. “Processing” shall mean any operation or activity or set of operations, whether by automatic means or not, concerning Personal Information, including: – the collection, receipt, recording, organization, collation, storage, updating or modification, retrieval, alteration, consultation or use; dissemination by means of transmission, distribution or making available in any other form by electronic communications or other means; or merging, linking, blocking, degradation, erasure or destruction. “Process” has a corresponding meaning.
1.3.11. “Special Personal Information” shall mean the same as the meaning ascribed to it in terms of POPI.


2.1. The Personal Information that the Service Provider collects, through inter alia FundaFree, in the ordinary course and scope of its business includes but is not limited to (i) name and surnames, (ii), identity and/or passport number, (iii) email and physical addresses, (iv) postal address, (v) contact numbers, (vi) medical information and/or (vii) employment history of the Patient with a view to assist the Medical Legal Experts in rendering Medical Legal Services.


3.1. Personal Information is processed and used on FundaFree by both the Service Provider and the Medical Legal Experts, given that the same is relevant for purposes of (i) the provision of Medical Legal Services in terms of the Instructions received and
(ii) operation of the Service Provider’s business.


4.1. Consent to processing of Personal Information: –

4.1.1. through using FundaFree, the User automatically consents to the Service Provider processing any information that falls within the ambit of Personal Information and/or Special Personal Information in terms of the relevant provisions of POPI;

4.1.2. the consent given to the Service Provider using its Personal Information to the extent that such Personal Information is necessary for purposes of discharging its obligations in terms of all Instructions for Medical Legal Services received;

4.1.3. the Data Subjects may withdraw the consent given or object to the Service Provider Processing their Personal Information at any time in accordance with the relevant provisions of POPI;

4.1.4. the Service Provider will ensure that it will Process Personal Information only for purposes of discharging its obligations in terms of the Policy or such other purposes as the Data Subjects may consent to from time to time and the Service Provider, will not process any Personal Information for any other further purposes which the User or the Data Subjects, as the case may be, has not consented to.

4.2. Storage of Personal Information: –

4.2.1. the Service Provider warrants that it will keep the Data Subjects’ Personal Information that it Processes secure and confidential and it will maintain the integrity and confidentiality of the Personal Information in its possession or under its control by taking appropriate, reasonable technical and organisation measures in line with international best practice to prevent the loss of, damage to, unauthorised destruction of or unlawful access to the Personal Information;

4.2.2. the Service Provider will provide the User, upon request of the latter, with sufficient proof, to the satisfaction of the User, that it has implemented physical, organisational , contractual and technological security measures to keep all Personal Information secure, including protecting any Personal Information from loss or theft as well as unauthorised access, disclosure, copying, use or modification;

4.2.3. the Service Provider will notice the User, in writing, if a security breach (or a reasonable belief of a security breach) in respect of Data Subject’s Personal Information occurs. The Service Provider will provide such notification as aforesaid, as soon as reasonably possible after it has become aware of any security breach of Personal Information and immediately upon notifying, at its own cost, take all necessary steps as well as the reasonable steps directed to mitigate the continuation of the compromise, the repetition of a similar compromise and mitigate the extent of the loss occasions by the compromise of the Personal Information.

4.3. Retention of Personal Information: –

4.3.1. the Service Provider will process Personal Information for as long as necessary to fulfill the purposes for which that Personal Information was collected and/or permitted or required by applicable law;

4.3.2. once the purposes for which the Personal Information was initially collected and processed no longer applies or becomes obsolete, the Service Provider will ensure that the same is deleted, destroyed or de-identified to ensure that a third party cannot re-identify such Personal Information.

4.4. Provision of Personal Information to Third Parties: –

4.4.1. where necessary, the Service Provider may disclose Personal Information to an External Service Provider, on the condition that the Service Provider will enter into the relevant agreements with the said External Service Provider to ensure that they Process all Personal Information in accordance with the provisions of the Policy, POPI and only to fulfil the purposes for which that Personal Information was collected;

4.4.2. the Service Provider will not send any Personal Information to any jurisdiction outside the Republic of South Africa without the prior written consent of the User.

4.5. Access to Personal information: –

4.5.1. the Data Subject may, at any time, request access to their Personal Information held by the Service Provider on FundaFree and request the correction or deletion of such Personal Information;

4.5.2. the Data Subject can challenge the accuracy or completeness of its Personal Information in the Service Provider’s records. If the Data Subject successfully demonstrate that their Personal Information in the Service Provider’s records is inaccurate or incomplete, then the Service will ensure that such Personal Information is amended or deleted as requested by the Data Subject.

4.6. Indemnity: –

4.6.1. the Data Subject hereby indemnifies the Service Provider against all all losses (including costs on an attorney own client basis), interest, penalties and/or other expenses that the User may incur as a result of any claim lodged against it in respect of breach of the Policy. This obligation to indemnify shall continue for long as the Service Provider remains in possession of Personal Information.


5.1. The Data Subject is entitled, but not limited to, the following in terms of POPI : –

5.1.1. request access to Personal Information that the Service Provider holds about them;

5.1.2. request the correction and/or deletion of Personal Information held by the Service Provider;

5.1.3. request the restriction of processing in respect its Personal Information or object to the processing entirely;

5.1.4. withdraw its consent to the processing of Personal Information (where the Personal Information Is being processed on the basis of prior consent); and

5.1.5. lodge a complaint with the Information Regulator if (i) its privacy rights have been violated and/or (ii) it has suffered a loss as a result of unlawful processing of Personal Information.


6.1. For any questions or requests in relation to the Policy or if a Data Subject would like to exercise its rights in terms of the Policy, please contact the Service Provider’s information officer on [email protected]