1.1. The National Department of Health has developed an Electronic Vaccine Data System (EVDS) to support the COVID-19 Vaccination roll out in South Africa.
1.2. The EVDS will be used to capture COVID-19 vaccination events digitally and provide data to NDOH data analytics platform to monitor and report on.
EVDS. It also explains:
1.3.1 How your information is used;
1.3.2 Who your information is shared with;
1.3.3 How your data is kept securely; and
1.3.4 The extent to which any personal information is transferred or stored.
1.4. “Personal data” or “personal information” means all information relating to an identified or identifiable person.
1.5 “Processing” means any operation with personal data, irrespective of the means applied and the procedure, and in particular the collection, storage, use, revision, disclosure, archiving, or destruction of data.
1.6 The processing of personal data is managed in line with the provisions and safeguards set out in the Protection of Personal Information Act, 2013 (Act No. 4 of 2013).
2. Responsible Party
2.1 The controller responsible for the data processing described herein is the:
National Department of Health (NDOH)
222 Thabo Sehume Street
2.2 The EVDS is under the direct control of the National Department of Health. The EVDS is available to administrative staff and Vaccinators (HCWs) registered on the system. The system can be accessed via web browsers using suitable and compatible devices. The system also includes capabilities for vaccinees to enrol (express an interest to be vaccinated) on EVDS.
- Collection and processing of personal data and special personal information
3.1 The EVDS does not collect any “special personal information” about you as a vaccinee. For this purpose, “Special personal information” relates to:
3.1.1 the data about your race or ethnicity;
3.1.2 religious or philosophical beliefs;
3.1.3 sex life;
3.1.4 political opinions or trade union membership;
3.1.5 information about your health and biometric data; and
3.1.6 information about criminal convictions and offences.
3.2 The following information of the vaccinee will be collected and processed by the EVDS:
3.2.1 personal information (names and Identity Number) as contained in your Identity document. This is to verify and confirm your eligibility as a COVID-19 vaccine beneficiary per the priority phases as defined in the COVID-19 National Vaccination Plan;
3.2.2 the medical aid details, residential address, email address, phone numbers (including mobile numbers in order to send messages and appointment messages for the second dose of the vaccine);
3.2.3 employment details, professional category and registration as part of the priority group eligibility verification; and
3.2.4 patient information in relation to your health status including underlying conditions that you may have as a vaccine in line with the vaccination protocols.
- How does the EVDS work?
4.1. Vaccination and enrolment on the EVDS is voluntary.
4.2. Vaccinees are provided an opportunity to enrol on the EVDS system.
4.3. To do so, vaccinees must provide personal, contact and medical aid details.
4.4. Enrolment is not a guarantee of vaccination.
4.5. Eligibility of the vaccinee is then determined by the NDOH based on priority population groups over a period of time.
4.6. Eligible vaccinees are then provided with notification and instructions on how and where to receive the vaccination.
4.7. A vaccinee must presents himself/herself at a Facility Vaccine Registration Desk within a Vaccination Site. In this regard, he/she must produce an identity document (e.g. ID Book or Passport) in order to register, confirm details and schedule an appointment in the EVDS.
4.8. During vaccination, all vaccination information of the vaccinee will be captured in the EVDS including the dose received, batch number, manufacturer.
4.9. The EVDS will send an SMS to the vaccinee for an appointment for the second dose. During the second dose, the vaccinator confirms the vaccine details in the EVDS to ensure that an appropriate dose and vaccine is given to the correct vaccinee.
5. Information we process with your consent
Your personal data as well as your patient information data is processed with your informed consent.
6. Data transfer
Anonymised data will be transferred to the NDOH database for reporting. No personal data will be transferred from the EVDS, without the required legislative provisions to do so.
7. What security measures are in place to protect my data?
- 1 The Administrators and Vaccinators who access the EVDS have secure user login details that have a full audit trail on all the activities that they perform on their accounts in accordance with their assigned roles.
- 2 NDOH is the owner and Responsible Party of Information and data processed by the EVDS and has employed stringent technical and best practice procedures in place to ensure the integrity of Personal Information is safeguarded against the risk of loss or damage and against the unauthorised or unlawful access.
- 3 All systems are Protection of Personal Information (POPI) Act compliant and allow for capturing of user and client consent in the case of capturing personal information.
- 4 Security is based on at least 99% Availability Service Levels and ISO 27001:2013 framework, which is the international standard that describes best practices and controls.
- 5 All systems are built with open architecture for interoperability and alignment with local standards.
8. Rights of all EVDS users
8.1. In the event of alleged infringements of any data protection legislation in force in the Republic at the time of the alleged infringement, you can contact the competent data protection supervisory authority or take legal action in accordance with that data protection legislation.
8.2. The ability to exercise your rights requires that you provide clear evidence of your identity (e.g. a copy of your identity documents). To assert your rights you can contact the NDOH at the address given in clause 2.
9. Other documents governing privacy and data protection