Privacy policy

  • Home
  • Privacy policy




  1. About this Privacy Notice
  2. The data we collect about you
  3. How we use your personal data
  4. How we store your data
  5. How we share your personal data
  6. How we retain your data
  7. Your legal rights
  8. Direct marketing
  9. How to get in touch us

About this Privacy Notice

This Privacy Notice provides information about how AfyaRekod collects and processes your personal data when you visit our website, use or web application and/or mobile application for purposes (“our Platforms”) of accessing our products and services and those offered by third parties (“the Products and Services”). Please read this Privacy Notice carefully before using our Platforms or registering to use our Products and Services. Together with our Terms & Conditions, this Privacy Notice sets out our views and practices regarding your personal data.

The data we collect about you

We collect data about you from the information you give us, and the information we collect when you visit our Platforms. This includes: 

How we process your personal data

We use information we hold about you to provide you with access to the Products and Services offered on our Platforms. We use the information to:

How we store and protect your data

All information you provide to us is stored on our secure servers. We do our best to protect your personal data, but we cannot guarantee the security of your data transmitted to our Platforms from your personal devices; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access, loss or damage.

We take appropriate measures to ensure that your personal data is kept secure including security measures to prevent personal data from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal data to those who have a genuine business need to know it. Those processing your information will do so only in an authorized manner and are subject to a duty of confidentiality.

To ensure that your data is stored securely, we use a variety of technical measures to ensure that your data is secure. If we or our service providers transfer personal data outside of the Kenya, we always require that appropriate safeguards are in place to protect the information when it is processed. We have put in place safeguards to protect personal data processed in or accessed from our Platforms.

If we suspect or become aware of any unauthorized access to your data by any unauthorized person or third party, or become aware of any other security breach relating to personal data held by us, we shall notify you in writing regarding the data breach and the assistance required from you. In the event of such data breach, we shall comply with applicable laws and shall take the appropriate steps to remedy such data breach.

How we share your personal data

We may be required to share your data with third parties for the following reasons:

When we share your personal data with third parties, we:

  1. require them to agree to use your data in accordance with the terms of this Privacy Notice and in accordance with the law; and

  2. only permit them to process your personal data for specified purposes and in accordance with our instructions. We do not allow our third-party service providers to use your personal data for their own purposes.

Where we transfer or process your data outside of your legal jurisdiction of residence, we undertake to ensure that your personal information is processed or transferred in accordance with the relevant data privacy laws of your legal jurisdiction to the extent possible.

How we long we retain your data

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, the need to comply with our internal policy and the applicable legal, regulatory, tax, accounting or other requirements.

Anonymised information that can no longer be associated with you may be held indefinitely

Our legal basis to process your data

We must have a legal basis (a valid legal reason) for using your personal data. Our legal basis will be one of the following:

Your legal rights

As AfyaRekod, we will ensure that we support the rights of persons whose personal data we collect. These rights include the right:

Your legal rights

Explanation of your rights

You have the right to be told how we use your personal data

You can request us to provide you with access to and/or a copy of the personal data we hold about you.

We can’t give you any personal data about other people without their express consent, personal data which is linked to an ongoing criminal or fraud investigation, or personal data which is linked to settlement negotiations with you. We also won't provide you with any communication we've had with our legal advisers.

You can ask us to correct your personal data if you think it's wrong

You can have incomplete or inaccurate personal data corrected. Before we update your account, we may need to check the accuracy of the new personal data you have provided and verify that the request came from you.

You can ask us to delete your personal data

You can ask us to delete your personal data if:

  • there's no good reason for us to continue using it
  • you gave us consent (permission) to use your personal data and you have now withdrawn that consent you have objected to us using your personal data
  • we have used your personal data unlawfully
  • the law requires us to delete your personal data.

Please see the “How we delete your data” section of this Privacy Notice for more details on how we delete your data, and our legal obligations.

You can object to us processing other personal data (if we’re using it for legitimate interests)

If our legal basis for using your personal data is 'legitimate interests' and you disagree with us using it, you can object. However, if there is an overriding reason why we need to use your personal data, we will not accept your request./p>


If you object to us using personal data which we need in order to provide our services, we may need to close your account as we won’t be able to provide the services

You can ask us to restrict how we use your personal data

You can ask us to restrict or suspend using your personal data if:

  • you want us to investigate whether the data we hold is accurate
  • our use of your personal data is unlawful but you don’t want us to delete it
  • we no longer need your personal data, but you want us to continue holding it for you in connection with a legal claim
  • you have objected to us using your personal data (see above), but we need to check whether we have an overriding reason to use it.

You can ask us to transfer personal data to you or another company

If we can, and are allowed to do so under regulatory requirements, we’ll provide your personal data in a structured, commonly used, machine-readable format.

You can withdraw your permission

f you’ve given us the consent, we need to use your personal data, you can withdraw it at any time by changing your privacy settings on our Platforms or sending an email to


(Please note, it will have been lawful for us to use the personal data up to the point you withdraw your permission.)

You can ask us to carry out a human review of an automated decision we make about you

If we make an automated decision about you that significantly affects you, you can ask us to carry out a manual review of this decision.

Children and minors' rights

If collect and process personal information relation to a child/minor only when consent has been granted by the child’s parent or legal guardian or where the processing is in the best interests of the child. All the rights covered in this Notice also apply to personal data collected on behalf of children and minors.

Exercising your rights

To exercise any of your rights set out in the previous section, you can contact us through our Platforms, or send us an email at For security reasons, we can't deal with your request if we're not sure of your identity, so we may ask you for proof of identification. If a third-party exercises one of these rights on your behalf, we may need to ask for proof that they've been authorised to act on your behalf. 

When you exercise one of your rights, or update your privacy settings on our Platforms, it may take us up to three (3) months to respond or implement your changes. We will usually not charge you a fee when you exercise your rights. However, we're allowed by law to charge a reasonable fee or refuse to act on your request if it is manifestly unfounded or excessive. 


You may be required to opt in or give any other form of explicit consent before receiving marketing messages from us. You can ask us to stop sending you marketing communications at any time by writing to us at

Where you opt out of receiving these marketing communications, this will not apply to personal data provided to us as a result of a Product, Service already taken up, warranty registration, Product or Service experience or other transactions

How to get in touch with us

Filing a complaint 

All complaints from you regarding the way data is processed by us should be forwarded to We will investigate every complaint that we receive and get back to you as soon as possible. 

Changes to this Privacy Notice 

We reserve the right to update or change our Privacy Notice as necessary and you should check our Platforms periodically. Your continued use of our Platforms after we update this Privacy Notice will constitute your acknowledgment and acceptance of these changes as your consent to abide and be bound by the updated Privacy Notice.

If we make any material changes to our Privacy Notice, we will notify you either through your email address you have provided us, or by placing a prominent notice on our Platforms.

Contact Us

If you have any questions or feedback about this Privacy Notice, please feel free to contact us at or through our Contact Us page on our website.