Privacy Policy

Effective Date: 1 January 2024
Last Updated: 27 February 2026

Welcome to Stainless Charm! 🌟 We value your privacy and the security of your personal information. This Privacy Policy outlines how Stainless Charm (Pty) Ltd. collects, uses, stores, and protects your information when you visit our websites or use our products and services.

1. Company Information

Trading Names

Stainless Charm (Pty) Ltd. operates under the following trading names:

• Medical Alert SA
• MedAlertSA
• LIFEfolio
• PawPortal
• MediQ-R

These are “Trading As” (T/A) identifiers of Stainless Charm (Pty) Ltd. and are not separately registered companies. All personal information collected, stored, and processed under any of these trading names is managed solely by Stainless Charm (Pty) Ltd. in accordance with this Privacy Policy.

IMPORTANT DISCLOSURE: Stainless Charm (Pty) Ltd. is an independent organisation and is not affiliated with, or endorsed by, MedicAlert®. Our mission is to provide high-quality alternative solutions designed to assist first responders in quickly identifying critical medical conditions during an emergency.

2. POPIA Compliance & Information Officer

Stainless Charm (Pty) Ltd. is registered with the Information Regulator of South Africa in compliance with the Protection of Personal Information Act, 4 of 2013 (POPIA).

Our Information Officer is responsible for ensuring compliance with POPIA, handling data access requests, and liaising with the Information Regulator on all privacy matters. You may direct any privacy-related queries or complaints to the Information Officer at the contact details above.

If you are not satisfied with our response, you may lodge a complaint directly with the Information Regulator:

• Website: inforegulator.org.za
• Email: enquiries@inforegulator.org.za
• Tel: 010 023 5200 | Toll Free: 0800 017 160

3. Legal Basis for Processing

We process your personal information in compliance with:

• POPIA (Protection of Personal Information Act, 4 of 2013) — South Africa
• GDPR (General Data Protection Regulation) — European Union (where applicable)
• South African common law privacy principles

Our legal bases for processing include:

• Consent: You have given explicit consent for us to process your personal information for one or more specific purposes
• Contract Performance: Processing is necessary to provide the products or services you have requested
• Legitimate Interests: Processing is necessary for our legitimate business interests, provided these do not override your rights
• Legal Obligation: Processing is necessary for compliance with a legal obligation
• Vital Interests: Processing is necessary to protect your vital interests or those of another person (especially relevant for medical data)

4. What Personal Information We Collect

4.1 General Website & E-Commerce Information

• Identity Data: Full name, email address, phone number, physical address
• Transactional Data: Purchase history, payment details (processed by secure third-party payment processors — we do not store full card numbers)
• Technical Data: IP address, browser type and version, device information, cookies
• Communications: Contact form submissions, support enquiries, correspondence

4.2 Medical & Health Information (Special Personal Information)

For customers using our medical alert products (QR Medi-Cards, MediQ-R™, LIFEfolio, Medical Alert bracelets), we may collect and store:

• Blood type and organ donor status
• Allergies and medication information
• Chronic conditions and medical history
• DNR (Do Not Resuscitate) status
• Emergency contact details
• Primary healthcare provider information
• Medical aid / insurance information

This information is classified as Special Personal Information under Section 26 of POPIA and is subject to heightened protection. We collect this information solely for the purpose of enabling emergency medical responders to access critical information when you are unable to communicate.

4.3 PawPortal Pet Information

For PawPortal customers, we collect pet-related information including veterinary details, vaccination records, and owner contact information for emergency identification purposes.

5. How We Use Your Information

We use your personal information to:

• Process and fulfil your orders and deliver products
• Create and manage your online account and QR code profile
• Enable emergency medical responders to access your critical health information via QR code
• Communicate with you regarding orders, enquiries, and account updates
• Send service and security notifications
• Improve our website, products, and services
• Comply with legal and regulatory obligations
• Detect and prevent fraud or misuse of our services
• Send marketing communications (only with your explicit consent — you may opt out at any time)

We will never use your medical information for marketing purposes.

6. QR Code / Medi-Card Terms of Use

By submitting your information to be linked to a QR Code or Medi-Card product, you acknowledge and accept the following:

6.1 Emergency Access

Your QR code profile is accessible to anyone who scans your QR code, without requiring a login. This is intentional — in a medical emergency, first responders must be able to access your information immediately. By activating your QR code profile, you explicitly consent to this public accessibility of the information you have chosen to include.

6.2 Your Responsibility for Data Accuracy

You are solely responsible for the accuracy, completeness, and currency of all medical information on your profile. Stainless Charm (Pty) Ltd. does not independently verify, validate, or fact-check any medical information you provide. We are a storage and delivery platform, not a medical records custodian.

You must update your profile immediately if your medical information changes (new allergies, changed medications, updated conditions, altered DNR status). Failure to maintain accurate information may have serious medical consequences for which you bear full responsibility.

6.3 Security of Your QR Code

You are responsible for keeping your QR code and login credentials secure. Do not share your QR code with unauthorised individuals. If you believe your account has been compromised, contact us immediately at admin@stainlesscharm.co.za.

6.4 Limitation of Liability for Medical Outcomes

Stainless Charm (Pty) Ltd. is not liable for any medical outcomes, complications, injuries, or adverse events resulting from:

• Inaccurate or outdated information you provided
• Failure of emergency responders to scan or access your QR code
• Technical failures beyond our reasonable control
• Misinterpretation of your data by healthcare providers

7. How We Protect Your Information

7.1 Technical Security Measures

• Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS/SSL (HTTPS)
• Encryption at Rest: Medical and personal data is encrypted using AES-256 encryption — the same standard used by financial institutions
• Access Controls: Strict access controls ensure only authorised personnel can access personal data, and only for legitimate purposes
• Password Security: Strong password requirements and optional two-factor authentication (2FA) protect your account
• Secure Hosting: Data is hosted on secure infrastructure with firewall protection, intrusion detection, and regular security patching
• Regular Backups: Automated encrypted backups protect against data loss

7.2 Organisational Measures

• Staff are trained in POPIA compliance and data protection obligations
• Access to personal data is limited to staff who need it to perform their duties
• All access to sensitive data is logged and audited
• Third-party service providers who handle your data are bound by Data Processing Agreements

Important: While we implement industry-standard security measures, no digital system can be guaranteed to be completely immune from breaches. By using our services, you acknowledge that Stainless Charm (Pty) Ltd. cannot be held liable for damages arising from security incidents beyond our reasonable control, such as third-party cyberattacks.

8. Sharing of Your Information

8.1 We Do NOT Sell Your Data

We will never sell, rent, trade, or otherwise disclose your personal or medical information to third parties for commercial or marketing purposes.

8.2 When We May Share Your Information

We may share your information only in the following limited circumstances:

• With Your Consent: When you activate your QR code profile, you consent to emergency responders accessing your medical information when scanning your code
• Service Providers: Trusted third-party companies that assist us in operating our business (cloud hosting, payment processing, email delivery). These providers are contractually bound to process data only as instructed by us and to maintain appropriate security standards
• Legal Requirements: When required to comply with a court order, subpoena, or other legal process; to comply with POPIA or other regulatory obligations; or to protect our legal rights
• Emergency Situations: When necessary to protect your vital interests or those of another person in a life-threatening situation
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred. You will be notified in advance and given the opportunity to exercise your rights

9. Data Retention

When your account is deleted, we anonymise or securely destroy personal data that no longer needs to be retained, except where retention is required by law or for legitimate legal defence purposes.

10. International Data Transfers

Your data is primarily stored on servers located in South Africa. Where data is transferred outside South Africa (for example, to cloud service providers), we ensure that appropriate safeguards are in place, including:

• Data Processing Agreements incorporating standard contractual clauses
• Transfer only to countries or providers with adequate data protection standards
• Compliance with POPIA Section 72 (cross-border transfer conditions)

11. Cookies

Our websites use cookies to enhance your browsing experience and to analyse site traffic. Cookies are small data files stored on your device. We use:

• Essential cookies: Required for the website to function (e.g., shopping cart, login sessions)
• Analytics cookies: To understand how visitors use our site (e.g., Google Analytics) — anonymised where possible
• Plugin cookies: Set by WordPress and WooCommerce for functionality purposes

You may disable non-essential cookies through your browser settings. Disabling cookies may affect some website functionality.

12. Your Rights Under POPIA

As a data subject under POPIA, you have the following rights:

• Right to Access: Request a copy of the personal information we hold about you
• Right to Correction: Request that inaccurate or incomplete information be corrected
• Right to Deletion: Request that your personal information be deleted (subject to legal retention requirements)
• Right to Object: Object to the processing of your information for direct marketing purposes
• Right to Withdraw Consent: Withdraw your consent to processing at any time (this does not affect the lawfulness of processing prior to withdrawal)
• Right to Complain: Lodge a complaint with the Information Regulator if you believe your rights have been violated

To exercise any of these rights, contact our Information Officer at admin@stainlesscharm.co.za. We will respond within 30 days of receiving your request.

13. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, Stainless Charm (Pty) Ltd. will:

1. Notify the Information Regulator as soon as reasonably possible after becoming aware of the breach
2. Notify all affected data subjects as soon as reasonably possible
3. Provide the following information in the notification:
   • Description of the nature of the breach
   • Categories and approximate number of data subjects affected
   • Categories and approximate number of records affected
   • Contact details of our Information Officer
   • Likely consequences of the breach
   • Measures taken or proposed to address the breach

This procedure complies with POPIA Section 22 (Notification of security compromises).

14. Children’s Privacy

Our services are intended for persons 18 years of age and older. Persons under 18 may only use our services with the explicit consent of a parent or legal guardian, who assumes full responsibility for the minor’s account and data. We do not knowingly collect personal information from children without parental consent.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or regulatory guidance. When we make material changes, we will:

• Update the “Last Updated” date at the top of this policy
• Notify registered customers by email where required
• Post a notice on our website

Continued use of our services after changes take effect constitutes acceptance of the updated Privacy Policy.

16. Contact Us

For any privacy-related queries, access requests, or complaints, please contact our Information Officer:

If you are not satisfied with our response, you may escalate your complaint to the Information Regulator of South Africa:

• Website: inforegulator.org.za
• Email: enquiries@inforegulator.org.za
• Tel: 010 023 5200 | Toll Free: 0800 017 160
• Address: Woodmead North Office Park, 54 Maxwell Dr, Woodmead, Johannesburg, 2191

© 2026 Stainless Charm (Pty) Ltd. T/A Medical Alert SA, MedAlertSA, LIFEfolio, PawPortal, MediQ-R. All rights reserved.
Stainless Charm (Pty) Ltd. is not affiliated with or endorsed by MedicAlert®.