Privacy Policy

Protecting Your Personal Information

Effective Date: 1 June 2026

The Traditional Health Practice Association of Southern Africa NPC (THPASA NPC) is committed to protecting the privacy, confidentiality, integrity, and security of personal information entrusted to us by our members, applicants, practitioners, employees, volunteers, stakeholders, partners, service providers, and visitors to our website.

This Privacy Policy explains how THPASA collects, uses, stores, protects, shares, and manages personal information in accordance with applicable South African legislation and recognised governance principles.

By accessing this website, applying for membership, using THPASA services, or engaging with the Association, you acknowledge and agree to the practices described in this Policy.

1. About THPASA

The Traditional Health Practitce Association of Southern Africa NPC (“THPASA”, “the Association”, “we”, “our”, or “us”) is a non-profit company and voluntary professional body serving Traditional Health Practitioners and stakeholders throughout South Africa.

THPASA is committed to responsible information management and the protection of personal information under its control.

2. Legislative Framework

This Privacy Policy is informed by and implemented in accordance with:

  • Constitution of the Republic of South Africa, 1996;
  • Protection of Personal Information Act, 2013 (POPIA);
  • Promotion of Access to Information Act, 2000 (PAIA);
  • Electronic Communications and Transactions Act, 2002;
  • Common law duties of confidentiality;
  • Applicable governance and regulatory requirements.

3. Information We Collect

THPASA may collect information including:

Personal Information

  • Full names;
  • Identity or passport numbers;
  • Date of birth;
  • Gender (where required);
  • Contact details;
  • Residential and postal addresses;
  • Email addresses;
  • Telephone numbers.

Membership Information

  • Membership category;
  • Practitioner classifications;
  • Designation information;
  • Membership numbers;
  • Practitioner codes;
  • Registration status;
  • CPD records;
  • Governance participation records.

Professional Information

  • Qualifications;
  • Training history;
  • Mentorship records;
  • Professional experience;
  • Professional references;
  • Verification documentation.

Financial Information

  • Payment confirmations;
  • Membership fee records;
  • Banking details (where required);
  • Financial transaction references.

Technical Information

When using our website, we may collect:

  • IP addresses;
  • Browser information;
  • Device information;
  • Website usage statistics;
  • Cookies and analytics information.

4. How We Collect Information

Information may be collected through:

  • Membership applications;
  • Registration forms;
  • Online portals and systems;
  • OSTIC support requests;
  • Email correspondence;
  • Telephone enquiries;
  • Events and programmes;
  • Verification requests;
  • Research participation;
  • Website interactions;
  • Voluntary submissions.

5. Why We Process Personal Information

THPASA processes personal information to:

Membership Administration

  • Process applications;
  • Manage memberships;
  • Maintain practitioner records;
  • Administer renewals.

Professional Classification & Designation

  • Assess eligibility;
  • Allocate classifications;
  • Verify professional standing;
  • Manage practitioner designations.

Practitioner Verification

  • Confirm membership status;
  • Validate practitioner records;
  • Respond to verification requests.

Governance Administration

  • Conduct elections;
  • Support committees;
  • Manage governance participation.

Financial Administration

  • Process payments;
  • Issue invoices;
  • Maintain financial records.

Professional Development

  • Administer CPD programmes;
  • Manage educational activities;
  • Record professional development participation.

Research & Knowledge Development

  • Conduct authorised research;
  • Develop publications;
  • Support Indigenous Knowledge initiatives.

Legal & Regulatory Compliance

  • Meet statutory obligations;
  • Manage disputes;
  • Respond to lawful requests.

6. Lawful Basis for Processing

THPASA processes information where:

  • Consent has been provided;
  • Processing is necessary for membership administration;
  • Processing is required by law;
  • Processing is necessary to fulfil contractual obligations;
  • Legitimate organisational interests apply;
  • Public interest obligations apply.

7. Practitioner Information & Public Verification

To promote public confidence and professional accountability, THPASA may publish limited practitioner information through authorised verification systems.

Published information may include:

  • Practitioner name;
  • Membership status;
  • Designation;
  • Classification level;
  • Good standing status.

Sensitive personal information will not be publicly disclosed unless authorised by law or consent.

8. Research & Indigenous Knowledge Systems

THPASA recognises the importance of Indigenous Health Knowledge Systems and the need for ethical information management.

Research activities involving personal information or Indigenous Knowledge must:

  • Respect cultural and customary protocols;
  • Protect confidentiality;
  • Obtain appropriate consent;
  • Promote equitable participation;
  • Avoid exploitation or unauthorised disclosure.

THPASA supports responsible stewardship of Indigenous Health Knowledge and opposes unauthorised extraction, misuse, or misappropriation of knowledge entrusted to practitioners and communities.

9. Information Sharing

THPASA does not sell personal information.

Information may be shared only where necessary with:

  • Authorised THPASA officials;
  • Service providers acting on behalf of THPASA;
  • Legal representatives;
  • Regulatory authorities;
  • Government departments;
  • Auditors;
  • Professional advisers;
  • Other parties where required by law.

All information sharing must be subject to appropriate safeguards.

10. Information Security

THPASA implements reasonable technical, administrative, and organisational measures to protect personal information against:

  • Unauthorised access;
  • Loss;
  • Theft;
  • Alteration;
  • Destruction;
  • Disclosure.

Security measures may include:

  • Access controls;
  • Password protection;
  • Encryption technologies;
  • Audit logging;
  • Secure storage systems;
  • Staff confidentiality obligations.

11. Data Retention

THPASA retains information only for as long as reasonably necessary to:

  • Fulfil operational requirements;
  • Maintain membership records;
  • Meet legal obligations;
  • Support governance requirements;
  • Preserve historical and institutional records.

Retention periods may vary according to record type and legal requirements.

12. Cookies & Website Analytics

Our website may use cookies and related technologies to:

  • Improve website functionality;
  • Analyse usage patterns;
  • Enhance user experience;
  • Support website security.

Users may manage cookie preferences through their browser settings.

Disabling certain cookies may affect website functionality.

13. Your Rights

Subject to applicable law, individuals may have the right to:

Access Information

Request access to personal information held by THPASA.

Correct Information

Request correction or updating of inaccurate information.

Object to Processing

Object to certain forms of processing where permitted by law.

Request Deletion

Request deletion of information where lawful and appropriate.

Withdraw Consent

Withdraw consent where processing is based on consent.

Lodge Complaints

Submit complaints regarding the processing of personal information.

14. PAIA Requests

Requests for access to records held by THPASA may be submitted in accordance with the Promotion of Access to Information Act (PAIA).

Access requests will be processed in accordance with applicable legal requirements and THPASA’s PAIA procedures.

15. Children’s Information

THPASA does not knowingly collect personal information from children except where:

  • Required for authorised programmes;
  • Appropriate consent has been obtained;
  • Processing is otherwise permitted by law.

Additional safeguards may apply to such information.

16. Third-Party Websites

This website may contain links to external websites.

THPASA is not responsible for the privacy practices, content, or security of third-party websites and encourages users to review their privacy policies.

17. Changes to this Privacy Policy

THPASA may amend this Privacy Policy from time to time to reflect legal, operational, technological, or governance developments.

Updated versions will be published on this website and become effective upon publication unless otherwise stated.

18. Information Regulator Registration

THPASA is registered with the Information Regulator (South Africa) in accordance with the Protection of Personal Information Act, 2013 (POPIA).

Information Regulator Registration Details

ItemDetails
OrganisationTraditional Health Practice Association of Southern Africa NPC (THPASA NPC)
Registration Number2026-002208
Organisation TypePrivate Organisation
Legal FormNon-Profit Company (NPC)
Registration Date16 February 2026

THPASA maintains a formal Information Governance Framework to support compliance with applicable privacy, information access, records management, and information security obligations.

Information Officer

In accordance with POPIA and PAIA, THPASA has designated an Information Officer responsible for overseeing information governance, privacy compliance, access to information administration, records management, and the protection of personal information.

Information Officer

Dr Thabiso Edison Jameo Calvert

President & Chief Executive Officer

Information Officer

Traditional Health Practitioners Association of Southern Africa NPC (THPASA NPC)

Responsibilities of the Information Officer

The Information Officer is responsible for:

  • Monitoring compliance with POPIA;
  • Facilitating compliance with PAIA;
  • Managing privacy and information governance matters;
  • Overseeing records management practices;
  • Responding to access to information requests;
  • Managing privacy-related complaints and enquiries;
  • Promoting responsible processing of personal information;
  • Supporting information security and governance initiatives.

Requests, Complaints & Privacy Enquiries

Individuals may contact THPASA regarding:

  • Access to personal information;
  • Correction of personal information;
  • Objections to processing;
  • Withdrawal of consent (where applicable);
  • PAIA requests;
  • POPIA-related complaints;
  • Information security concerns;
  • Privacy enquiries.

Contact the Information Officer

Email: president@thpasa.co.za

Legal Affairs & Compliance Unit

Email: legal@thpasa.co.za

Online Support, Ticketing & Information Centre (OSTIC)

For the fastest response, privacy requests, PAIA applications, POPIA complaints, and information governance enquiries may be submitted through the THPASA Online Support, Ticketing & Information Centre.

Online Support, Ticketing & Information Centre (OSTIC)

For privacy requests, information correction requests, objections, complaints, or information access enquiries, please submit a request through the THPASA Online Support, Ticketing & Information Centre.

THPASA Commitment

THPASA is committed to respecting privacy, protecting personal information, promoting ethical information governance, and maintaining the trust placed in the Association by its members, practitioners, communities, institutions, and stakeholders.