Privacy Policy

Last Updated: 1 April 2026

This Privacy Policy explains how MedAlert, a brand of Cillix-Co Pty Ltd, collects, uses, stores, shares, and protects your personal information when you visit our website, place an order, activate a product, complete a form, or contact us.

We are committed to processing personal information in accordance with applicable South African law, including the Protection of Personal Information Act, 2013 (“POPIA”). The Information Regulator is the South African body established to monitor and enforce compliance with POPIA and PAIA.

1. Who We Are

Holding Company: Cillix-Co Pty Ltd
Brand: MedAlert
Email: info@smartmedalertid.co.za
Phone: +27 (0)64 523 9403

In POPIA language, the company deciding why and how your personal information is processed is generally the “responsible party.”

2. What Information We Collect

Depending on how you interact with us, we may collect:

2.1 Personal and Contact Information

  • full name;
  • phone number;
  • email address;
  • delivery address;
  • billing details; and
  • communication preferences.

2.2 Order and Account Information

  • order history;
  • payment status;
  • order value;
  • customer support records; and
  • information relating to product activation, profile setup, or linked services.

2.3 Medical and Emergency Profile Information

Where relevant to MedAlert products and services, we may collect information that you choose to provide for your emergency profile, such as:

  • emergency contact details;
  • allergies;
  • medical conditions;
  • medication information;
  • other emergency or health-related information entered by you.

Some of this information may qualify as special personal information under POPIA, because it relates to health. We only process this information where it is provided by you, where it is necessary for the service you requested, or where otherwise permitted by law.

2.4 Technical and Website Information

When you use our website, we may automatically collect certain technical data, such as:

  • IP address;
  • browser type;
  • device information;
  • pages visited;
  • date and time of access; and
  • cookies or similar tracking data.

3. How We Collect Information

We collect personal information when you:

  • visit or browse our website;
  • place an order;
  • complete forms on our site;
  • activate or customise a MedAlert product;
  • contact us by email, phone, WhatsApp, or website form;
  • subscribe to marketing or updates;
  • submit information for emergency profile setup; or
  • interact with our website through cookies or analytics tools.

4. Why We Collect and Use Your Information

We may use your personal information to:

  • process and deliver your orders;
  • communicate with you about your orders or queries;
  • provide product activation, profile setup, hosting, and related services;
  • verify transactions and reduce fraud risk;
  • maintain customer records;
  • improve our products, website, and customer experience;
  • send service-related notices;
  • send marketing messages where permitted by law or where you have consented;
  • comply with legal, tax, accounting, regulatory, or security obligations; and
  • respond to lawful requests or protect our rights.

POPIA requires that personal information be processed lawfully and for a specific, defined purpose, and that it be relevant and not excessive for that purpose.

5. Cookies and Similar Technologies

Our website may use cookies or similar technologies to improve functionality, understand website usage, remember preferences, and support analytics or marketing tools.

You can usually manage cookie preferences in your browser settings. Disabling cookies may affect how some parts of the website function.

6. Sharing of Personal Information

We do not sell your personal information.

We may share personal information with trusted third parties where reasonably necessary, including:

  • payment processors;
  • courier and delivery providers;
  • website hosting or technical service providers;
  • CRM, analytics, or communication platforms;
  • contractors or operators who process data on our behalf; and
  • regulatory, legal, or law enforcement authorities where required by law.

Under POPIA, a third party processing personal information on behalf of a responsible party is generally referred to as an operator.

We take reasonable steps to ensure that service providers who process personal information for us do so securely and only for authorised purposes.

7. Data Security

We take reasonable technical and organisational measures to protect personal information against loss, misuse, unauthorised access, disclosure, alteration, or destruction.

These measures may include:

  • secure website and hosting controls;
  • password-protected systems;
  • limited access to personal information;
  • secure payment gateways;
  • staff or contractor access controls; and
  • reasonable safeguards appropriate to the sensitivity of the information processed.

No website, database, or online transmission is ever 100% secure. So yes, we lock the doors, but no honest company should pretend the internet is a magical invincible vault.

Where there are reasonable grounds to believe that personal information has been accessed or acquired by an unauthorised person, POPIA requires notification to the Information Regulator and the affected data subject, subject to the law’s requirements. The Information Regulator has published guidance on handling security compromises.

8. Retention of Information

We keep personal information only for as long as reasonably necessary for the purpose for which it was collected, or as required by law, contract, tax, accounting, dispute-resolution, or record-keeping obligations.

When information is no longer required, we will take reasonable steps to delete, destroy, de-identify, or anonymise it where appropriate and lawful.

9. Your Rights

Subject to applicable law, you may have the right to:

  • ask what personal information we hold about you;
  • request access to your personal information;
  • request correction or updating of inaccurate or incomplete information;
  • object, on reasonable grounds, to certain processing;
  • request deletion or destruction where retention is no longer authorised;
  • withdraw consent where processing is based on consent;
  • lodge a complaint with the Information Regulator; and
  • request access to records in accordance with applicable access-to-information procedures.

The Information Regulator’s PAIA guidance explains how a person may request access to records, including access to personal information, and provides the prescribed forms for such requests.

To exercise any of these rights, please contact us using the details below.

10. Marketing Communications

We may send you promotional messages about products, services, offers, or updates where you have consented, where you are an existing customer and the law allows it, or where we otherwise have a lawful basis to do so.

You can opt out of non-essential marketing communications at any time by following the unsubscribe option in the message or contacting us directly.

11. Cross-Border Transfers

If any of our service providers store or process information outside South Africa, we will take reasonable steps to ensure that such transfer is lawful and that your information receives an adequate level of protection consistent with applicable law.

12. Children’s Information

Our website and services are not intended to unlawfully collect information from children without appropriate authority or consent where required.

If you provide information relating to a minor for emergency profile or product-use purposes, you confirm that you are authorised to do so.

13. Third-Party Services and Links

Our website may contain links to third-party websites, payment gateways, platforms, or services. We are not responsible for the privacy practices of those third parties, and their own terms and privacy policies will apply.

14. PAIA and Information Officer

South African private and public bodies are required to register their Information Officers with the Information Regulator under POPIA. The Regulator also provides PAIA guides, forms, and templates relevant to access requests and related compliance.

If you need information relating to access requests or our information-handling practices, please contact us first using the details below.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect legal, operational, or service changes. The latest version will always be posted on our website with the updated effective date.

16. Contact Us

If you have questions about this Privacy Policy, want to access or correct your personal information, or want to submit a privacy-related complaint or request, please contact:

MedAlert
A brand of Cillix-Co Pty Ltd
Email: info@smartmedalertid.co.za
Phone: +27 (0)64 523 9403

Scroll to Top