Social-Media & Electronic-Communication Policy
This policy explains how I, Gustaf Pretorius (Clinical Psychologist, Independent Practice), conduct myself on social media and other online platforms, and how your personal information is protected under the Protection of Personal Information Act (POPIA), the Promotion of Access to Information Act (PAIA) and the HPCSA Ethical Rules. If anything is unclear, please raise it at our next session.
1. Purpose & Scope
- To protect your confidentiality and my professional boundaries.
- Ensure all online interactions comply with POPIA’s conditions of Accountability, Processing Limitation, Openness and Security Safeguards.
- Explain acceptable channels for clinical and administrative communication.
2. “Friending”, “Following” & Connection Requests
I do not accept “friend”, “follow” or connection requests from current or former patients on any platform (Facebook, LinkedIn, Instagram, X/Twitter, etc.). Doing so could:
- Expose your identity as a patient (breaching POPIA’s Processing Limitation – Purpose Specification);
- Blur therapeutic boundaries (HPCSA Booklet 4 §4.2); and
- Create an informal record outside your file, triggering PAIA/POPIA record-keeping duties.
If you have questions about this boundary, we can discuss it in session.
3. Viewing or “Researching” Patient Content
I do not routinely search for patients’ online content. With the exception of a genuine emergency where your welfare is at stake and you are unreachable through agreed channels, I may access publicly available information (HPCSA Booklet 5 §7.11; POPIA s 11(1)(d)). Any such action will be documented in your clinical record and discussed with you.
4. Messaging & Direct Contact
| Channel | Permitted use | Security level |
|---|---|---|
| Signal | Scheduling, short admin messages | End-to-end encrypted |
| Email (privacy@psydev.co.za) | Appointment changes, invoices | TLS; not suitable for sensitive clinical content |
| WhatsApp (Business) | One-line reminders only | E2E encrypted but meta-data stored offshore |
| SMS / Voice call | Back-up if Signal unavailable | No encryption |
| Social-network DMs | Not accepted | Unencrypted / public |
- Messages received via non-approved channels are deleted unread.
- All clinically relevant communications are transcribed into your secure record and retained for at least six years (HPCSA Booklet 9).
5. Endorsements, Reviews & Testimonials
HPCSA Rule 15A and Booklet 5 §7.4 prohibit psychologists from soliciting testimonials. Therefore I will not:
- Ask you for LinkedIn endorsements, Facebook “likes” or online reviews;
- Respond to any public review (positive or negative) to preserve your confidentiality.
You are, of course, free to discuss your therapy anywhere you wish, but please consider using a pseudonym to protect your privacy.
6. Check-ins & Location-Based Services
I do not list my practice as a public “check-in” location. Be aware that passive GPS check-ins on your device could reveal your therapy attendance to third parties.
7. Data Protection Notices (POPIA & PAIA)
- Responsible Party: Gustaf Pretorius, Clinical Psychology Practice.
- Information Officer: Gustaf Pretorius — certificate 2025-006159.
- Personal data processed on social or messaging platforms is limited to: name, contact number, appointment time, and (optionally) encrypted message content (POPIA Condition 3 – Purpose Specification).
- All third-party platforms (Signal, WhatsApp, Xneelo, Apple iCloud, Dropbox, Proton Drive) have signed Operator Agreements including 24-hour breach-notification clauses (POPIA s 21).
- You have the right to access, correct or object to processing and may lodge a complaint with the Information Regulator: complaints.IR@justice.gov.za.
- Full PAIA/POPIA manual: https://www.psydev.co.za/manual
8. Email, SMS & Data Retention
Routine emails and SMSes are retained on secure servers located in South Africa (Vodacom) and encrypted cloud backups (EU/US & Switzerland) for six years after they become dormant, then permanently deleted (HPCSA Booklet 9 §9.3). Sensitive clinical matters should be discussed only in session or via a pre-arranged secure video-consultation (HPCSA Booklet 10).
9. Updates to this Policy
Technology evolves. When this policy changes, the updated version will be posted here and emailed to active patients. Continued use of electronic channels implies consent to the latest version.
Version 3.0 – 15 May 2025 | Replaces version 2.0 (10 Jan 2022) | Queries? Email privacy@psydev.co.za or discuss in session.