LocumSTAFF (Pty) Ltd ("LocumSTAFF", "we", "us") operates a healthcare staffing marketplace connecting verified locum healthcare professionals with pharmacies, clinics, and other healthcare facilities in South Africa.
This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you use our website, business portal, mobile applications, and related services (collectively, the "Platform").
We process personal information in accordance with the Protection of Personal Information Act, 2013 (POPIA) and applicable health-sector regulations.
LocumSTAFF is the responsible party for personal information processed through the Platform.
Information Officer: privacy@locumvendr.co.za
Postal address: [Registered address], South Africa
Identity and contact details: name, email address, mobile number, South African ID or passport number (where required), and profile photograph.
Professional credentials: council registration numbers (HPCSA, SAPC, SANC), profession, specialisations, indemnity insurance, and uploaded verification documents.
Business information: practice or facility name, CIPC registration, practice code number (PCN), VAT number, branch addresses, and authorised representative details.
Compliance documents for facilities (CIPC certificate, professional indemnity) are collected after you sign in to the business portal — not on the public registration form.
Financial information: bank account details for locum payouts (stored encrypted; account numbers are masked in non-admin views).
Platform activity: shift applications, timesheets, payment records, messages, audit logs, device tokens, and support enquiries.
Technical data: IP address, browser type, session identifiers, and security logs required for fraud prevention and POPIA accountability.
To create and manage your account, verify identity and professional credentials, and enable shift matching.
To facilitate contracts between facilities and locums, including timesheet approval, invoicing, and payment processing.
To send transactional notifications (shift alerts, payment updates, document expiry reminders) via push, email, or in-app channels according to your preferences.
To comply with legal obligations, respond to regulators, and maintain immutable audit records of material actions.
To improve Platform security, detect abuse, and enforce our Terms of Service.
With your consent, to send product updates or marketing communications, which you may opt out of at any time.
Performance of a contract: processing necessary to provide the Platform and fulfil shift engagements.
Legal obligation: retention of financial and healthcare staffing records as required by South African law.
Legitimate interest: fraud prevention, Platform security, and service improvement, balanced against your privacy rights.
Consent: where required—for example, POPIA consent at registration (version recorded), optional marketing, and certain document uploads.
Between Platform users: limited profile and credential information is shared between facilities and locums to evaluate and confirm shifts.
Service providers: cloud hosting, email (AWS SES), push notifications (Firebase), payment reconciliation, and document storage (AWS S3 / MinIO) under data-processing agreements.
Regulators and law enforcement: where required by court order, statutory duty, or to protect the rights and safety of users.
We do not sell personal information to third parties.
Primary data storage is within South Africa or jurisdictions offering adequate protection as permitted under POPIA section 72.
Where personal information is transferred outside South Africa, we implement appropriate safeguards such as contractual clauses and encryption in transit and at rest.
Account and profile data is retained while your account is active and for a reasonable period thereafter to resolve disputes and meet legal obligations.
Financial, timesheet, and invoice records are retained for at least five years in line with tax and accounting requirements.
Audit logs are retained as immutable records for security and accountability purposes.
When you request deletion, we will erase or anonymise personal information unless retention is required by law or legitimate business needs.
Encryption of sensitive data at rest (including TOTP secrets and PII on managed databases).
Role-based access controls, JWT authentication, mandatory TOTP for facility managers and administrators on web, and rate limiting on authentication endpoints.
Signed, time-limited URLs for document access; no public buckets for user uploads.
Regular monitoring, audit logging of mutating actions, and incident response procedures.
You may request access to personal information we hold about you.
You may request correction of inaccurate or incomplete information via your account settings or by contacting us.
You may object to processing based on legitimate interests or direct marketing.
You may request deletion of personal information, subject to legal retention requirements.
You may lodge a complaint with the Information Regulator (South Africa): inforeg@justice.gov.za.
Submit requests to privacy@locumvendr.co.za. We will respond within a reasonable period as required by POPIA.
Healthcare professional registration and indemnity data may constitute special personal information under POPIA. We process this information only with your explicit consent and as necessary to verify eligibility to work shifts on the Platform.
The Platform is intended for adults (18+) who are registered healthcare professionals or authorised business representatives. We do not knowingly collect personal information from children.
We use essential session and security cookies to operate the business portal. Analytics cookies, if used, will be disclosed separately and require consent where applicable.
We may update this Privacy Policy from time to time. Material changes will be communicated via the Platform or email. Continued use after the effective date constitutes acceptance of the updated policy; new consent may be collected where required by law.
Email: privacy@locumvendr.co.za
Support: support@locumvendr.co.za
Website: https://locumvendr.co.za