Locally compliant in South Africa
Locally compliant in South Africa
Heidi is fully compliant with South African privacy and security laws, including POPIA and all relevant national regulations.
Data residency: All data is securely stored in EU data centres.
Data usage: Data is never used for secondary purposes like model training or commercialisation.
Certifications: Heidi is a leader in compliance, and has obtained certifications such as ISO27001, ISO42001, and SOC 2 Type II.
Privacy Impact Assessments (PIAs): Completed across multiple jurisdictions - these are available for download via our Trust Centre.
Trusted across South African healthcare: Heidi has been deployed in practices across South Africa with over 10,000 clinicians country wide.
Heidi is committed to protecting the personal information of users in South Africa in accordance with the Protection of Personal Information Act, 2013 (POPIA). We process personal and health-related information lawfully and transparently, ensuring data is collected for specific, explicit, and legitimate purposes with informed consent where required. All data is securely stored on servers located in the European Union (EU), ensuring a high standard of data protection consistent with both POPIA and the EU General Data Protection Regulation (GDPR). We implement strong encryption, access controls, and continuous monitoring to safeguard your information.
In accordance with POPIA, Heidi has designated an Information Officer responsible for overseeing compliance with POPIA and managing matters related to the processing of South African users’ personal information. The designated Information Officer is John Stanley Giles (South African ID Number 7312045097088), who can be contacted via email at john@michalsons.com. This officer is physically located within South Africa and acts as the primary point of contact for data subjects and the South African Information Regulator. South African users have the right to access, correct, delete, or object to the processing of their personal data, ensuring Heidi meets its obligations under POPIA. To exercise this right, data subjects can contact our designated Information Officer.