SentinelHC takes the protection of your personal information seriously. This policy explains what information we collect, why we collect it, how we use it, and what your rights are under the Protection of Personal Information Act 4 of 2013 (POPIA).
Please read this policy before submitting any information to us through this website. By using sentinelhc.co.za or submitting your details for an evaluation or service enquiry, you confirm that you have read and understood this policy.
Who we are
Responsible Party: SentinelHC (Pty) Ltd
CIPC Registration: 2026/278247/07
POPIA Information Officer Registration: 2026-018764
Address: 41 Brackenhill Road, Waterfall, Durban, 3652
Email: info@sentinelhc.co.za
Website: www.sentinelhc.co.za
SentinelHC provides complete compliance documentation for South African healthcare practices, currently specialising in dental practices, with expansion into other healthcare practice types in progress. We are registered with the Information Regulator of South Africa as a responsible party under POPIA.
What personal information we collect
We collect personal information only when you actively provide it to us. This includes:
- Your name and the name of your dental practice
- Your email address and telephone number
- Your city or practice location
- Your responses to the compliance evaluation questionnaire on evaluate.html
- Information submitted through our client intake process
- Any correspondence you send to us by email
We also collect non-personal website usage data automatically through Google Analytics. This includes pages visited, time spent on the site, browser type, and general geographic location derived from your IP address. This data cannot be used to identify you as an individual.
Why we collect your information
We collect and use your personal information for the following purposes:
- To assess your practice's compliance status and provide a personalised evaluation report
- To communicate with you about your evaluation results or service enquiry
- To deliver compliance documentation and services if you become a client
- To manage our client relationship, including invoicing and account administration
- To send you compliance-related updates, guides, and marketing communications where you have consented or where we have a legitimate interest to do so
- To improve our website and services through anonymised usage analytics
We do not collect personal information beyond what is reasonably necessary for these purposes.
Who we share your information with
We do not sell your personal information to any third party. We share your information only with the service providers we use to operate our business, and only to the extent necessary.
Service providers
- Google LLC — We use Google Drive to store compliance documents, Google Gmail for email communication, and Google Apps Script for evaluation report automation. Google processes data under its own terms of service and privacy policies.
- Supabase Inc — Our planned client portal database and authentication infrastructure. The client portal has not yet launched and no personal data is currently stored in Supabase. This disclosure is made in advance of the portal's launch, which will occur when the service scales to support it.
- Netlify Inc — Our website is hosted on Netlify's servers. Netlify processes web traffic data as part of hosting the site.
- Google Analytics — We use Google Analytics to understand how visitors use our website. This data is anonymised and cannot identify individual users.
All third-party providers we use are contractually required to handle personal information responsibly and in compliance with applicable data protection laws.
Cross-border transfers
Some of our service providers, including Google and Netlify, operate servers outside of South Africa. Your personal information may therefore be transferred to and stored in countries other than South Africa, including the United States. When the SentinelHC client portal launches, Supabase will also be added as a cross-border operator at that time.
Where such transfers occur, we take reasonable steps to ensure that your information remains protected to a standard consistent with POPIA's requirements. We do this by using service providers that maintain internationally recognised data protection standards and certifications.
How long we keep your information
We retain your personal information for as long as it is necessary to fulfil the purposes for which it was collected, or as required by law.
If you have submitted a compliance evaluation but have not become a client, we retain your evaluation data for a period of 12 months, after which it is deleted or anonymised.
If you are or have been a client of SentinelHC, we retain your personal information for a period of 3 years after the end of our service relationship. This period aligns with general record-keeping requirements and allows us to address any queries that may arise after the relationship ends.
You may request deletion of your information at any time. See your rights below.
How we protect your information
We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, loss, misuse, or disclosure. These include:
- Encrypted data transmission (HTTPS) across the website
- Access controls that restrict personal data to authorised personnel only
- Secure, access-controlled document storage in Google Drive
- Role-based access controls and row-level security will be enforced in the client portal when it launches
No method of transmission over the internet is completely secure. While we take all reasonable precautions, we cannot guarantee absolute security. If we become aware of a data breach that affects your personal information, we will notify you and the Information Regulator as required by POPIA.
Marketing communications
From time to time, we may send you compliance guides, regulatory updates, and information about our services. We will only do this where you have given us consent, or where we have a legitimate interest to contact you based on a prior enquiry or service relationship.
You can opt out of marketing communications at any time by emailing us at info@sentinelhc.co.za with "Unsubscribe" in the subject line, or by using the unsubscribe link included in any marketing email. We will process your request promptly and within a reasonable time.
Opting out of marketing communications will not affect your ability to receive transactional or service-related communications from us.
Cookies and website analytics
Our website uses Google Analytics to collect anonymised data about how visitors use the site. Google Analytics uses cookies, which are small text files placed on your device, to collect information such as pages visited and session duration.
This data is used in aggregate form only and cannot be used to identify you as an individual. You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on.
We do not use any advertising, retargeting, or tracking cookies beyond Google Analytics.
Your rights under POPIA
As a data subject under POPIA, you have the following rights regarding your personal information:
- Right to access — you may request a copy of the personal information we hold about you
- Right to correction — you may request that we correct any inaccurate or incomplete information
- Right to deletion — you may request that we delete your personal information, subject to any legal obligations we have to retain it
- Right to object — you may object to the processing of your personal information for direct marketing purposes at any time
- Right to complain — you have the right to lodge a complaint with the Information Regulator if you believe we have not handled your personal information lawfully
To exercise any of these rights, contact us at info@sentinelhc.co.za. We will respond within a reasonable time and, where required by POPIA, within 30 days.
Lodging a complaint with the Information Regulator
If you are not satisfied with how we have handled your personal information, you have the right to lodge a complaint directly with the Information Regulator of South Africa.
The Information Regulator (South Africa)
JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
Email: complaints.IR@inforegulator.org.za
Website: www.inforegulator.org.za
Changes to this policy
We may update this privacy policy from time to time to reflect changes in our practices or in applicable law. When we do, we will update the "Last updated" date at the top of this page.
We encourage you to review this policy periodically. Continued use of our website or services after any changes are published constitutes acceptance of the updated policy.
If you have any questions about this policy or how we handle your personal information, please contact us at info@sentinelhc.co.za.