ARTICLES
Lotus Flower Logo

Welcome To LOTUS

Discover the smart healthcare app for providers to expand their practice, enhance patient care, and simplify their workflow.

Sign in | Register

SIGN UP WITH US
TODAY

Sign up now to be among the first to experience Lotus when we launch. Get early access to the app before anyone else!

This field is for validation purposes and should be left unchanged.
Location(Required)

Lotus Life – Data Deletion Policy

Last Updated: November 2025
Effective Date: 3rd November 2025

  1. Purpose
      This Data Deletion Policy outlines how Lotus Life manages, deletes, retains, and protects personal information in accordance with the Protection of Personal Information Act (POPIA) and the Health Professions Council of South Africa (HPCSA) regulations governing medical records.

      Lotus Life is committed to protecting users’ privacy and ensuring that data is handled lawfully, securely, and transparently.

  1. Scope
      This policy applies to all users of Lotus Life applications and services, including:

      • Lotus Life Patient App
      • Lotus Life Practitioner App
      • All associated web portals, APIs, and integrations

      It covers all personal, professional, and medical data collected, stored, or processed by Lotus Life, regardless of device, method of collection, or storage location.


  1. Legal Framework
      3.1 POPIA Requirements

      Under POPIA:

      • Personal information must not be retained longer than necessary.
      • Retention is permitted where required by law, contract, or user consent.,/li>
      • Data must be securely deleted or de-identified once the retention period expires.

      3.2 HPCSA Requirements

      In accordance with HPCSA guidelines:

      • Medical records must be retained for at least 6 years from the date they become dormant.
      • Records for minors must be retained until the patient turns 21 years old.
      • Data may be retained longer for legal, statistical, or research purposes.

  1. Data Retention Periods

    Data Type Retention Period Legal Basis Purpose
    Medical Records (consultations, notes, diagnoses, prescriptions) Minimum 6 years (or until minor reaches age 21) HPCSA Continuity of care and legal compliance
    Appointment Records 6 years HPCSA Medical compliance
    Payment & Transaction Documentation Records 5 years SA financial & tax laws Audit, tax & financial compliance
    Security Logs 12 months POPIA & cybersecurity best practices Fraud prevention & security monitoring
    User Account (non-medical) data Deleted within 30 days after request POPIA Data minimisation
  1. How to Submit a Data Deletion Request

      Users may request deletion of their data using any of the following channels:

      5.1 In-App Request

      Navigate to: Settings Privacy Request Data Deletion

      5.2 Email Request

      Send a deletion request to: privacy@lotuslife.co.za (from your registered email address)

      5.3 Written Request

      Send a signed letter to:
      Lotus Life Data Protection Officer
      Block B, 53 Philip Engelbrecht Road
      Woodhill Office Park
      Meyersdal, Alberton, 1448
      South Africa

      5.4 Required Information

      All data deletion requests must include:

      • Full name
      • Registered email address
      • Contact number
      • Description of the data to be deleted
      • Proof of identity (ID copy, passport, or similar) for verification

      Requests missing required information may be delayed until verification is complete.


  1. What Happens After a Data Deletion Request

      Once you submit a valid deletion request:

      1. Account Deactivation
      Your Lotus Life account is immediately deactivated. You will no longer be able to log in.

      2. Deletion of Non-Medical Information
      Personal profile data, contact information, and other non-medical data will be permanently deleted within 30 calendar days, unless retention is required by law.

      3. Medical Records Retention
      Medical and clinical records cannot be deleted immediately and will be:

      • Retained for the legally required minimum period
      • De-identified where possible
      • Stored securely with restricted access
      • Automatically deleted once the retention period expires


      4. Financial & Transaction Records
      Retained for 5 years as required by South African tax and audit laws.

      5. Security Logs
      Retained for 12 months for fraud-prevention and cybersecurity purposes.

      6. Notification
      You will receive written or electronic confirmation once your request has been processed.

  1. Data Retention Exceptions

      Certain categories of data cannot be deleted immediately due to legal or regulatory obligations:

      • Medical Records (min. 6 years or until age 21),
      • Financial & Transaction Records (5 years)
      • Security Logs (12 months)
      • Data required for ongoing legal, disciplinary, or regulatory investigations

      Once legally required retention periods expire, all data will be permanently deleted or irreversibly anonymised.

  1. Third-Party Data Deletion
      If your data has been shared with third-party service providers, Lotus Life will:

      • Notify all relevant third parties of your deletion request
      • Require them to process deletion in accordance with their legal obligations and privacy standards

      Third-party service providers may include (but are not limited to):

      • Whereby – virtual consultation platform
      • Mapbox – geolocation services
      • Payment providers
      • Medi Informer – medical education API
      • Courier and logistics companies Deletion by third parties may follow their own statutory retention periods.

  1. Processing Timeframe
    • All requests will be acknowledged within 7 business days.
    • Deletion will be completed within 30 calendar days, unless restricted by legal retention requirements.
    • Users will be notified in writing once:
      • The deletion is complete, or
      • Certain data cannot be deleted and has been flagged for retention.

  1. Security Measures for Retained Data
      All retained data remains protected by:

      • Encryption at rest and in transit
      • Access control based on least-privilege principles
      • Continuous audit logging
      • Secure and compliant cloud storage
      • Periodic security reviews and penetration testing

  1. User Rights Under POPIA
      Users have the right to:

      • Access their personal information
      • Request correction or updating of inaccurate data
      • Request deletion (subject to legal retention requirements)
      • Object to the processing of their personal data
      • Request their data in a portable format Requests may be submitted through any channel listed in Section 5.

  1. Updates to This Policy
      Lotus Life may update this Data Deletion Policy from time to time. All updates will be:

      • Published on the official website
      • Displayed within the Lotus Life apps
      • Accompanied by a revised “Last Updated” date Users are encouraged to review the policy regularly.

  1. Compliance Declaration
      Lotus Life commits to:

      • Ensuring confidentiality, integrity, and availability of user information
      • Maintaining transparency in data processing
      • Handling all personal and medical information strictly according to:
        • POPIA
        • HPCSA guidelines
        • Other applicable South African laws
        • International best practices