PENDA PATIENT DATA NOTICE

WHAT DATA IS COLLECTED

In order to provide our services to you we need to process certain personal information relating to you, which includes:

Personal Data – This includes your: name, assumed name, address, phone number, title, email address, gender, family relationships (e.g. spouse, children), date of birth, profession etc.  

Sensitive Personal Data – This includes but is not limited to data revealing your race, health status, ethnic social origin, conscience, belief, genetic data, biometric data, property details, marital status, family details including names of the person's children, parents, spouse or spouses, sex or sexual orientation. We collect personal data from you in connection with the particular health service that we are providing to you; this will include details of your medical history and details of the treatments or services that we provide to you.

Interactions with Penda Health – If you interact with our Penda Medical Centres, we may record details of those interactions (e.g. logs and details of phone calls, email correspondence and hard copy correspondence). If you make a complaint, we will process details in relation to that complaint.

  1. WHERE AND HOW YOUR PERSONAL DATA IS COLLECTED 

Most of the personal data that we collect about you will be gathered from you as part of the services procured at our various Medical Centres, community outreach camps, our telemedicine platform “Pigia Penda” or our WhatsApp patient communication platform “Chat na Penda”. We will handle your information in line with privacy laws in Kenya, including the Data Protection Act (Act No. 24 of 2019) and its accompanying regulations as they may be amended from time to time. We regularly check our systems and processes to make sure your personal data is being handled securely and lawfully.

  1. WHY DO WE COLLECT INFORMATION FROM YOU

    1. In order to provide you with the care we have to collect and maintain records about your health and any treatment or care you have received previously. These records help to provide you with the best possible healthcare during direct clinical care and to understand how services should be provided. Specifically:

      1. To provide a good basis for all health decisions made by you and your care professionals 

      2. To send you information about the services we offer

      3. To make sure your care is safe and effective 

      4. To work effectively with other organizations providing you with care 

      5. In order to comply with legal obligations 

      6. To maintain or continuously improve our medical service quality

      7. To conduct routine audits or staff training.

These are legitimate interests.

  1. HOW WE PROTECT YOUR PERSONAL INFORMATION 

We will do the following to ensure we protect your information:

  • Ensure personal information is accessed within the parameters of Essential Business Processes which shall include but not be limited to the collection of your personal data by us to offer you medical services, and (where applicable) the processing of insurance claims with our insurance partners related to the medical services offered to you.

  • Implement technological safeguards and stringent access control procedures which prevent unauthorized disclosure of personal information. These safeguards include role based access controls, audit logs to track access and changes to patient records, firewalls and VPNs to safeguard access to our critical infrastructure, endpoint security using renowned antivirus solutions, backup and disaster recovery solutions and secure cloud storage.

  • We will not disclose your information to any third party without your consent unless there are exceptional circumstances that necessitate such disclosure (i.e. life or death situations where the provision of emergency services to a patient shall supersede the requirement of seeking consent prior to the said disclosure).

  • Our policy is to ensure all personal data related to our patients will be protected.

  • All employees, sub-contractors, and partners we engage with have a legal, contractual obligation to keep information about you confidential.

  • We have put in place a robust backup process to reduce the chances of patient data loss.

  • We conduct routine IT and data security audits to ensure the security of the systems.

  1. RETENTION OF YOUR DATA

  • We retain your personal information for no longer than is necessary for the purpose for which it is collected, in accordance with the Kenya Data Protection Act, 2019. 

  • All the personal data we process is processed by our staff; however, for the purposes of IT hosting and maintenance, this information may be located on servers in different parts of the world. 

  • We have a Data Protection regime in place to oversee the effective and secure processing of your data that encompasses documented processes of collecting individual consent from patients and a Data Protection Policy that guides employees’ activities when handling patient data.

  1. LEGAL JUSTIFICATION FOR COLLECTION AND USE OF PERSONAL DATA

The basis of processing your personal information is premised on the following regulatory framework:

  • The Constitution of Kenya, 2010

  • Data Protection Act, 2019

  • Data Protection (General) Regulations, 2021

We further have a detailed Data Protection Policy guided by the above regulatory framework.

  1. YOUR RIGHTS AS A DATA SUBJECT

  • Right to be informed of the use to which your personal data is to be put;

  • Right to access your personal data that is in our custody;

  • Right to object to the processing of all or part of your personal data;

  • Right to get false or misleading data corrected; and

  • Right to deletion of false or misleading data about you.

  1. INFORMATION SHARING WITH NON-PENDA ORGANIZATIONS/THIRD PARTIES

Under this data notice, we will only share your personal information with other organizations where necessary to provide you care or as part of the care delivery process. 

  1. CHANGES TO THE DATA NOTICE 

We may modify or update this Data Notice from time to time to reflect the changes in our business and practices, so you should review this periodically. 

  1. QUESTIONS AND COMPLAINTS

In the event that you have any questions or complaints, feel free to reach out to legal@pendahealth.com or call us on +254207909045.

Acknowledgment & Consent

I have read and fully comprehended the preceding information and agree to seek clarification if I have any questions about the treatment process, its goals, procedures, potential dangers, or expected outcomes. I accept that I am allowed to terminate services at any moment for any reason. I am aware that the security of my information has some limitations.