EFFECTIVE DATE: 6 SEPTEMBER 2022
CONTENTS
About this Privacy Notice
This Privacy Notice provides information about how AfyaRekod collects and processes your personal data when you visit our website, use or web application and/or mobile application for purposes (“our Platforms”) of accessing our products and services and those offered by third parties (“the Products and Services”). Please read this Privacy Notice carefully before using our Platforms or registering to use our Products and Services. Together with our Terms & Conditions, this Privacy Notice sets out our views and practices regarding your personal data.
The data we collect about you
We collect data about you from the information you give us, and the information we collect when you visit our Platforms. This includes:
How we process your personal data
We use information we hold about you to provide you with access to the Products and Services offered on our Platforms. We use the information to:
How we store and protect your data
All information you provide to us is stored on our secure servers. We do our best to protect your personal
data, but we cannot guarantee the security of your data transmitted to our Platforms from your personal
devices; any transmission is at your own risk. Once we have received your information, we will use strict
procedures and security features to try to prevent unauthorised access, loss or damage.
We take appropriate measures to ensure that your personal data is kept secure including security
measures to prevent personal data from being accidentally lost or used or accessed in an unauthorised
way. We limit access to your personal data to those who have a genuine business need to know it. Those
processing your information will do so only in an authorized manner and are subject to a duty of
confidentiality.
To ensure that your data is stored securely, we use a variety of technical measures to ensure that your
data is secure. If we or our service providers transfer personal data outside of the Kenya, we always
require that appropriate safeguards are in place to protect the information when it is processed. We have
put in place safeguards to protect personal data processed in or accessed from our Platforms.
If we suspect or become aware of any unauthorized access to your data by any unauthorized person or
third party, or become aware of any other security breach relating to personal data held by us, we shall
notify you in writing regarding the data breach and the assistance required from you. In the event of such
data breach, we shall comply with applicable laws and shall take the appropriate steps to remedy such
data breach.
How we share your personal data
We may be required to share your data with third parties for the following reasons:
When we share your personal data with third parties, we:
Where we transfer or process your data outside of your legal jurisdiction of residence, we undertake to ensure that your personal information is processed or transferred in accordance with the relevant data privacy laws of your legal jurisdiction to the extent possible.
How we long we retain your data
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, the need to comply with our internal policy and the applicable legal, regulatory, tax, accounting or other requirements.
Anonymised information that can no longer be associated with you may be held indefinitely
Our legal basis to process your data
We must have a legal basis (a valid legal reason) for using your personal data. Our legal basis will be one of the following:
Your legal rights
As AfyaRekod, we will ensure that we support the rights of persons whose personal data we collect. These rights include the right:
Your legal rights |
Explanation of your rights |
You have the right to be told how we use your personal data |
You can request us to provide you with access to and/or a copy of the personal data we hold about you. We can’t give you any personal data about other people without their express consent, personal data which is linked to an ongoing criminal or fraud investigation, or personal data which is linked to settlement negotiations with you. We also won't provide you with any communication we've had with our legal advisers. |
You can ask us to correct your personal data if you think it's wrong |
You can have incomplete or inaccurate personal data corrected. Before we update your account, we may need to check the accuracy of the new personal data you have provided and verify that the request came from you. |
You can ask us to delete your personal data |
You can ask us to delete your personal data if:
Please see the “How we delete your data” section of this Privacy Notice for more details on how we delete your data, and our legal obligations. |
You can object to us processing other personal data (if we’re using it for legitimate interests) |
If our legal basis for using your personal data is 'legitimate interests' and you disagree with us using it, you can object. However, if there is an overriding reason why we need to use your personal data, we will not accept your request./p>
If you object to us using personal data which we need in order to provide our services, we may need to close your account as we won’t be able to provide the services |
You can ask us to restrict how we use your personal data |
You can ask us to restrict or suspend using your personal data if:
|
You can ask us to transfer personal data to you or another company |
If we can, and are allowed to do so under regulatory requirements, we’ll provide your personal data in a structured, commonly used, machine-readable format. |
You can withdraw your permission |
f you’ve given us the consent, we need to use your personal data, you can withdraw it at any time by changing your privacy settings on our Platforms or sending an email to support@afyarekod.com.
(Please note, it will have been lawful for us to use the personal data up to the point you withdraw your permission.) |
You can ask us to carry out a human review of an automated decision we make about you |
If we make an automated decision about you that significantly affects you, you can ask us to carry out a manual review of this decision. |
Children and minors' rights
If collect and process personal information relation to a child/minor only when consent has been granted by the child’s parent or legal guardian or where the processing is in the best interests of the child. All the rights covered in this Notice also apply to personal data collected on behalf of children and minors.
Exercising your rights
To exercise any of your rights set out in the previous section, you can contact us through our Platforms, or send us an email at privacy@afyarekod.com. For security reasons, we can't deal with your request if we're not sure of your identity, so we may ask you for proof of identification. If a third-party exercises one of these rights on your behalf, we may need to ask for proof that they've been authorised to act on your behalf.
When you exercise one of your rights, or update your privacy settings on our Platforms, it may take us up to three (3) months to respond or implement your changes. We will usually not charge you a fee when you exercise your rights. However, we're allowed by law to charge a reasonable fee or refuse to act on your request if it is manifestly unfounded or excessive.
Marketing
You may be required to opt in or give any other form of explicit consent before receiving marketing messages from us. You can ask us to stop sending you marketing communications at any time by writing to us at privacy@afyarekod.com.
Where you opt out of receiving these marketing communications, this will not apply to personal data provided to us as a result of a Product, Service already taken up, warranty registration, Product or Service experience or other transactions
How to get in touch with us
Filing a complaint
All complaints from you regarding the way data is processed by us should be forwarded to privacy@afyarekod.com. We will investigate every complaint that we receive and get back to you as soon as possible.
Changes to this Privacy Notice
We reserve the right to update or change our Privacy Notice as necessary and you should check our Platforms periodically. Your continued use of our Platforms after we update this Privacy Notice will constitute your acknowledgment and acceptance of these changes as your consent to abide and be bound by the updated Privacy Notice.
If we make any material changes to our Privacy Notice, we will notify you either through your email address you have provided us, or by placing a prominent notice on our Platforms.
Contact Us
If you have any questions or feedback about this Privacy Notice, please feel free to contact us at privacy@afyarekod.com or through our Contact Us page on our website.