PENDA PATIENT DATA NOTICE

INTRODUCTION/PURPOSE OF THE NOTICE

We understand how important it is to keep your personal information safe and secure. This privacy notice lets you know what happens to any personal data that you give to us, or any that we may collect from or about you. This privacy notice applies to personal information processed by or on behalf of Penda.

This Notice describes what and how we collect, use and process your personal data, and how, in doing so, we comply with our legal obligations to you. Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights.

Penda will be what’s known as the ‘Controller’ of the personal data you provide to us or the ‘Processor’ where the data is provided by a third party in which case we process your data as directed by the respective third-party Controller as bound to their obligations to you.

1.WHAT DATA IS COLLECTED

In order to provide our services to you we need to process certain personal information relating to you, which includes:

Personal Data – This includes your: name, assumed name, address, phone number, title, email address, gender, family relationships (e.g. spouse, children), date of birth, profession etc.  

Sensitive Personal Data – This includes but is not limited to data revealing your race, health status, ethnic social origin, conscience, belief, genetic data, biometric data, property details, marital status, family details including names of the person's children, parents, spouse or spouses, sex or sexual orientation. We collect personal data from you in connection with the particular health service that we are providing to you, this will include details of your medical history and details of the treatments or services that we provide to you.

Interactions with Penda Health – If you interact with our Penda Medical Centres, we may record details of those interactions (e.g. logs and details of phone calls, email correspondence and hard copy correspondence). If you make a complaint we will process details in relation to that complaint).

2. WHERE AND HOW YOUR PERSONAL DATA IS COLLECTED 

Most of the personal data that we collect about you will be gathered from you as part of the services procured at various stations.

3. WHY DO WE COLLECT INFORMATION FROM YOU

In order to provide you with the care we have to collect and maintain records about your health and any treatment or care you have received previously. These records help to provide you with the best possible healthcare during direct clinical care and to understand how services should be provided specifically:-

  • To provide a good basis for all health decisions made by you and your care professionals 

  • To make sure your care is safe and effective 

  • To work effectively with other organizations providing you with care 

  • In order to comply with legal obligations 

  • To maintain or continuously improve our medical service quality, and our operations in which case we may contact you to ensure you have fully recovered, or for feedback on our services.

  • To conduct routine audits or staff training.

These are legitimate interests.

With your consent, we would also like to use your information as follows:-

  • We would like to use your name, contact details and email address to inform you of services that may benefit you.

  • There may be occasions where we would like you to take part in innovations, research, improving services or identifying trends.

  • At any stage where we would like to use your data for anything other than the specified purposes and where there is no lawful requirement for us to share or process your data, we will ensure that you have the ability to consent and opt-out prior to any data processing taking place.

  • Personal Data is not shared with third parties and you can unsubscribe at any time via phone, email or by informing us as provided below.

4. HOW WE PROTECT YOUR PERSONAL INFORMATION

We will do the following to ensure we protect your information:

  • Ensure personal information is accessed within the parameters of Essential Business Processes.

  • Technological safeguards and stringent access control procedures prevent unauthorized disclosure of personal information.

  • Having a well-structured Data Privacy Complaints Process.

  • We will only ever use or pass on information about you if others involved in your care have a genuine need for it. 

  • We will not disclose your information to any third party without your permission unless there are exceptional circumstances (i.e. life or death situations).

  • Our policy is to ensure all personal data related to our patients will be protected.

  • All employees and sub-contractors we engage have an obligation to keep information about you confidential.

  • We have put in place a robust backup process to reduce the chances of patient data loss

  • We conduct routine IT and data security audits to ensure the security of the systems.

5. RETENTION OF YOUR DATA

  • We retain your personal information for no longer than is necessary for the purpose for which it is collected and in accordance with requirements that are imposed on us by law. 

  • All the personal data we process is processed by our staff however, for the purposes of IT hosting and maintenance this information may be located on servers in different parts of the world.

  • No 3rd parties have access to your personal data unless the law allows them to do so and appropriate safeguards have been put in place.  

  • We have a Data Protection regime in place to oversee the effective and secure processing of your data.

6. LEGAL JUSTIFICATION FOR COLLECTION AND USE OF PERSONAL DATA

The basis of processing your personal information is premised on the following regulatory framework:

  • The Constitution of Kenya, 2010

  • Data Protection Act, 2019

  • Data Protection (General) Regulations, 2021

We further have a detailed Data Protection Policy guided by the above regulatory framework.

7. YOUR RIGHTS AS A DATA SUBJECT

  • Right to be informed of the use to which their personal data is to be put;

  • Right to access your personal data that is in our custody

  • Right to object to the processing of all or part of your personal data

  • Right to get false or misleading data corrected; and 

  • Right to deletion of false or misleading data about you

8. INFORMATION SHARING WITH NON-PENDA ORGANIZATIONS/THIRD PARTIES 

You will be informed when your data is to be shared with other organisations and your consent is needed.

In other instances being informed will not be necessitated based on contractual obligations and rights between yourself and Penda/ the Third Parties.

We may also use external companies to process personal information, such as for archiving purposes. These companies are bound by contractual agreements to ensure information is kept confidential and secure.

9. CHANGES TO THE DATA NOTICE

We may modify or update this Data Notice from time to time to reflect the changes in our business and practices, so you should review this periodically. When we change the notice in a material manner we will let you know and update the last modified date.

10. QUESTIONS AND COMPLAINTS

In an event that you have any questions or complaints, feel free to reach out to info@pendahealth.com or call us on 254 020 7909045

Acknowledgment & Consent

I have read and fully comprehended the preceding information and agree to seek clarification if I have any questions about the treatment process, its goals, procedures, potential dangers, or expected outcomes. I accept that I am allowed to terminate services at any moment for any reason. I am aware that the security of my information has some limitations.