Doc Care Health Data Privacy Statement
Introduction.
Doc Care Health Limited (“us”, “we”, or “Doc care Health”) is the author and publisher of the internet resource www.doccarehealth.com (“Website”) on the world wide web as well as the software and applications provided by Doc Care Health, including but not limited to the mobile application ‘Doccare Health’ and the software and applications of the names ‘Doc Care Health’ (together with the Website, referred to as the “Services”).
This privacy policy ("Privacy Policy") explains how we collect, use, share, disclose and protect Personal information about the Users of the Services, including the Practitioners (as defined in the Terms of Use, which may be accessed via the following weblink: https://www.doccarehealth.com/our_terms (the “Terms of Use”), the End-Users (as defined in the Terms of Use), and the visitors of Website (jointly and severally referred to as “you” or “Users” in this Privacy Policy).
We created this Privacy Policy to demonstrate our commitment to the protection of your privacy and your personal information. Your use of and access to the Services is subject to this Privacy Policy and our Terms of Use. Any capitalized term used but not defined in this Privacy Policy shall have the meaning attributed to it in our Terms of Use.
BY USING THE SERVICES OR BY OTHERWISE GIVING US YOUR INFORMATION, YOU WILL BE DEEMED TO HAVE READ, UNDERSTOOD AND AGREED TO THE PRACTICES AND POLICIES OUTLINED IN THIS PRIVACY POLICY AND AGREE TO BE BOUND BY THE PRIVACY POLICY. YOU HEREBY CONSENT TO OUR COLLECTION, USE AND SHARING, DISCLOSURE OF YOUR INFORMATION AS DESCRIBED IN THIS PRIVACY POLICY. WE RESERVE THE RIGHT TO CHANGE, MODIFY, ADD OR DELETE PORTIONS OF THE TERMS OF THIS PRIVACY POLICY, AT OUR SOLE DISCRETION, AT ANY TIME. IF YOU DO NOT AGREE WITH THIS PRIVACY POLICY AT ANY TIME, DO NOT USE ANY OF THE SERVICES OR GIVE US ANY OF YOUR INFORMATION. IF YOU USE THE SERVICES ON BEHALF OF SOMEONE ELSE (SUCH AS YOUR CHILD) OR AN ENTITY (SUCH AS YOUR EMPLOYER), YOU REPRESENT THAT YOU ARE AUTHORIZED BY SUCH INDIVIDUAL OR ENTITY TO (I) ACCEPT THIS PRIVACY POLICY ON SUCH INDIVIDUAL’S OR ENTITY’S BEHALF, AND (II) CONSENT ON BEHALF OF SUCH INDIVIDUAL OR ENTITY TO OUR COLLECTION, USE AND DISCLOSURE OF SUCH INDIVIDUAL’S OR ENTITY’S INFORMATION AS DESCRIBED IN THIS PRIVACY POLICY.
Purpose of our policy
Doc Care Health provides the Doc Care Health online medical appointment booking services and associated technologies.
Doc Care Health have adopted this Privacy Policy to ensure that we have standards in place to protect the Personal Information that we collect about individuals that is necessary and incidental to:
Providing the system and services that Doc Care Health offers; and
The normal day-to-day operations of our business.
This Privacy Policy follows the standards of the Kenya Data Protection Act (DPA), 2019; Kenya Information and Communications Act, 2013; The Health Act, 2017. (and together referred to in this Privacy Policy as Personal Information).
By publishing this Privacy Policy we aim to make it easy for our customers and the public to understand what Personal Information we collect and store, why we do so, how we receive and/or obtain that information and the rights an individual has with respect to their Personal Information in our possession.
Who and what this policy applies to.
Our Privacy Policy deals with how we handle both "personal information" and "health information" as those terms are defined in the Kenya Data Protection Act (DPA), 2019; Kenya Information and Communications Act, 2013; The Health Act, 2017. (and together referred to in this Privacy Policy as Personal Information)
We handle Personal Information in our own right and also for and on behalf of our customers and users.
Our Privacy Policy apply to information we collect about businesses or companies, it also apply to information about the people in those businesses or companies which we store.
The Privacy Policy applies to all forms of information, physical and digital, whether collected or stored electronically or in hardcopy.
If, at any time, an individual provides Personal Information or other information about someone other than himself or herself, the individual warrants that:
With respect to Personal Information about a child, they are that child's "responsible person" (Namely a parent or guardian); and/or they have that person's consent to provide such information for the purpose specified.
The Information we collect
User Information: The type of information collected from the Users, In the course of business is necessary for us to collect user Information. This information allows us to identify who an individual is for the purposes of our business, share Personal Information when asked of us, contact the individual in the ordinary course of business and transact with the individual. Without limitation, the type of information we may collect is:
Health Information. We may collect information for an appointment about the health, disability, health services, medical histories, prescriptions, allergies and other information about an individual defined as "health information" ;
Personal Information. We may collect personal details such as an individual's name, location, date of birth, nationality, family details and other information defined as "Personal Information";
Professional Information. We may collect professional details such as an that allows us to identify who the individual is; Driving License and also for ownership of practice, details of either Letterhead/Prescription pad or Tax receipt or bill or Registration detail or Documents of Medical waste. For Pharmacy and agency for verification we collect details of Drug License and pharmacist registration.
Contact Information. We may collect information such as an individual's email address, telephone, third-party usernames, residential, business and postal address and other information that allows us to contact the individual;
Financial Information. We may collect financial information related to an individual such as Mobile money payment numbers, any bank or credit card details used to transact with us and other information that allows us to transact with the individual and/or provide them with our services;
Statistical Information. We may collect information about an individual's online and offline preferences, habits, movements, trends, decisions, associations, memberships, finances, purchases and other information for statistical purposes; and
Information an individual sends us. We may collect any personal correspondence that an individual sends us, or that is sent to us by others about the individual's activities.
We may collect other Personal Information about an individual, which we will maintain in accordance with this Privacy Policy.
We may also collect non-Personal Information about an individual such as information regarding their computer, network and browser. This may include their IP address. Where non-Personal Information is collected.
How Information is collected
Most information will be collected in association with an individual's use of Doc Care Health, an enquiry about Doc Care Health or generally dealing with us. However, we may also receive Personal Information from sources such as advertising, an individual's own promotions, public records, mailing lists, contractors, staff, recruitment agencies and our business partners. In particular, information is likely to be collected as follows:
Registrations/Subscriptions. When an individual registers or subscribes for a service, list, account, connection or other process whereby they enter Personal Information details in order to receive or access something, including a transaction;
Accounts/Memberships. When an individual submits their details to open an account and/or become a member with us;
Supply. When an individual supplies us with goods or services;
Contact. When an individual contacts us in any way;
Access. When an individual accesses us physically we may require them to provide us with details for us to permit them access. When an individual accesses us through the internet we may collect information using cookies (if relevant - an individual can adjust their browser's setting to accept or reject cookies) or analytical services; and/or
As there are many circumstances in which we may collect information both electronically and physically, we will endeavor to ensure that an individual is always aware of when their Personal Information is being collected.
Where we obtain Personal Information without an individual's knowledge (such as by accidental acquisition from a client) we will either delete/destroy the information, or inform the individual that we hold such information.
When Personal Information is used & Disclosed
The primary reason Personal Information is used or disclosed is to make a booking for an appointment or request a service through Doc Care Health. We maintain all Health Information in the strictest confidence.
In general, the primary principle is that we will not use any Personal Information other than for the purpose for which it was collected other than with the individual's permission. The purpose of collection is determined by the circumstances in which the information was collected and/or submitted.
We will retain Personal Information for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.
It is necessary for us to disclose an individual's Personal Information to third parties in a manner compliant with the DPA Rules in the course of our business, which would primarily be to make appointments.
We will only ever pass your contact information to medical centers booked through the Doc Care Health booking platform for the purposes of maintaining up to date records and communicating to you health related information.
We will not disclose or sell an individual's Personal Information to unrelated third parties under any circumstances.
Information is used to enable us to operate our business, especially as it relates to an individual. This may include:
The provision of goods and services between an individual and us;
Verifying an individual's identity;
Communicating with an individual about:
Their relationship with us;
Our goods and services;
Our own marketing and promotions to customers and prospects;
Competitions, surveys and questionnaires;
Investigating any complaints about or made by an individual, or if we have reason to suspect that an individual is in breach of any of our terms and conditions or that an individual is or has been otherwise engaged in any unlawful activity; and/or
As required or permitted by any law.
There are some circumstances in which we must disclose an individual's information:
Where we reasonably believe that an individual may be engaged in fraudulent, deceptive or unlawful activity that a governmental authority should be made aware of;
As required by any law; and/or
In order to sell our business (in that we may need to transfer Personal Information to a new owner).
We will not disclose an individual's Personal Information to any entity outside of Kenya that is in a jurisdiction that does not have a similar regime to the DPA rules or an implemented and enforceable privacy policy similar to this Privacy Policy. We will take reasonable steps to ensure that any disclosure to an entity outside of Kenya will not be made until that entity has agreed in writing with us to safeguard Personal Information as we do.
We may utilize third-pay service providers to communicate with an individual and to store contact details about an individual. No Health Information is stored in any third-party services in Kenya or elsewhere.
End-Users’ personally identifiable information, which they choose to provide on the Website is used to help the End-Users describe/identify themselves. Other information that does not personally identify the End-Users as an individual, is collected by Doc Care Health from End-Users (such as, patterns of utilization described above) and is exclusively owned by Doc Care Health. Doc Care Health may also use such information in an aggregated or non-personally identifiable form for research, statistical analysis and business intelligence purposes, and may sell or otherwise transfer such research, statistical or intelligence data in an aggregated or non-personally identifiable form to third parties and affiliates. In particular, Doc Care Health reserves with it the right to use anonymized End-User demographics information and anonymized End-User health information for the following purposes:
Analyzing software usage patterns for improving product design and utility.
Analyzing such information for research and development of new technologies.
Using analysis of such information in other commercial product offerings of Doc Care Health.
Sharing analysis of such information with third parties for commercial use.
Opting “IN” or “OUT”
An individual may opt to not have us collect their Personal Information. This may prevent us from offering them some or all of our services and may terminate their access to some or all of the services they access with or through us. They will be aware of this when:
Opt In. Where relevant, the individual will have the right to choose to have information collected and/or receive information from us; or
Opt Out. Where relevant, the individual will have the right to choose to exclude himself or herself from some or all collection of information and/or receiving information from us.
If an individual believes that they have received information from us that they did not opt in or out to receive, they should contact us.
The Safety & Security of Personal Information
We will take all reasonable precautions to protect an individual's Personal Information from unauthorized access. This includes appropriately securing our physical facilities and electronic networks.
Doc Care Health uses SSL encryption to store and transfer Personal Information. Despite this, the security of online transactions and the security of communications sent by electronic means or by post cannot be guaranteed. Each individual that provides information to us via the internet or by post does so at their own risk. We cannot accept responsibility for misuse or loss of, or unauthorized access to, Personal Information where the security of information is not within our control.
We are not responsible for the privacy or security practices of any third party (including third parties that we are permitted to disclose an individual's Personal Information to in accordance with this policy). The collection and use of an individual's information by such third parties may be subject to separate privacy and security policies.
If an individual suspects any misuse or loss of, or unauthorized access to, their Personal Information, they should let us know immediately.
We are not liable for any loss, damage or claim arising out of another person's use of the Personal Information where we were authorized to provide that person with the Personal Information.
How to Access And/or Update Information
Users of Doc Care Health can update their Personal Information from within their Doc Care Health account or profile.
Subject to the Kenya DPA rules, an individual has the right to request from us the Personal Information that we have about them, and we have an obligation to provide them with such information within 28 days of receiving their written request.
If an individual cannot update its own information, we will correct any errors in the Personal Information we hold about an individual within 7 days of receiving written notice from them about those errors.
It is an individual's responsibility to provide us with accurate and truthful Personal Information. We cannot be liable for any information that is provided to us that is incorrect.
We may charge an individual a reasonable fee for our costs incurred in meeting any of their requests to disclose the Personal Information we hold about them.
Complaints And Disputes
If an individual has a complaint about our handling of their Personal Information, they should address their complaint in writing to the details below (Clause 13).
If we have a dispute regarding an individual's Personal Information, we both must first attempt to resolve the issue directly between us.
If we become aware of any unauthorized access to an individual's Personal Information we will inform them at the earliest practical opportunity once we have established what was accessed and how it was accessed.
Contacting Individuals
From time to time, we may send individual important notices, such as changes to our terms, conditions and policies. Because this information is important to the individual's interaction with us, they may not opt out of receiving these communications.
Consent To This Policy
You acknowledge that this Privacy Policy is a part of the Terms of Use of the Website and the other Services, and you unconditionally agree that becoming a User of the Website and its Services signifies your
assent to this Privacy Policy, and
Consent to Doc Care Health using, collecting, processing and/or disclosing your Personal Information in the manner and for the purposes set out in this Privacy Policy. Your visit to the Website and use of the Services is subject to this Privacy Policy and the Terms of Use.
Contacting Us
All correspondence with regards to privacy should be addressed to:
Doc Care Health
3708 - 00100, Nairobi Kenya
Additions to This Policy
If we decide to change this Privacy Policy, we will post the changes on our webpage at http://www.doccarehealth.com/privacy Please refer back to this Privacy Policy to review any amendments.
We may do things in addition to what is stated in this Privacy Policy to comply with the SPI rules, and nothing in this Privacy Policy shall deem us to have not complied with the SPI rules.
Schedule
Indicative List of Information by Nature of Service
End-Users using the Website by registering for an account on the Website or ‘Doc Care Health’ mobile application: You can create an account by giving us information regarding your (name, mobile number, and email address) and such other information as requested on the End-User registration page. This is to enable us to provide you with the facility to use the account to book your appointments and store other health related information.
End-Users using the Website without registering for an account on the Website or ‘Doc Care Health mobile application (i.e., ‘Guest’ End-User): You can use the Website without registering for an account, but to book an appointment, you may be asked certain information (including your mobile number and such other information as requested when you choose to use the Services without registration) to confirm the appointment.
Practitioner availing of the free listing service on the Website or ‘Doc Care Health’ mobile application by registering for an account: As a Practitioner, you may be required to provide us with information regarding your (name, mobile number, and email address) and such other information as requested on the Practitioner registration page to create an account. Doc Care Health may send email and/or SMS confirmations or other communications to End-Users in connection with their bookings, appointments or other interactions with you, if such interactions have been facilitated by Doc Care Health.
Practitioner availing of the free listing service on the Website or ‘Doc Care Health’ mobile application without registering for an account: As a Practitioner, you may avail of the listing service without registering for an account by providing information regarding your (name, mobile number, email address) and such other information as requested by any of Doc Care Health’s employees or agents who contact you in person or by telephone. In such an event, Doc Care Health will maintain this information if and until you choose to register for an account, for which Doc Care Health may contact you from time to time. Doc Care Health will, after such information is collected from you, send you a confirmation email confirming the information provided and the fact that you will be listed on the Website. In the event you do not wish to be so listed on the Website, please inform Doc Care Health immediately at info@doccarehealth.com
Practitioners using the ‘Pro’ product: You will be required to create an account and may be required to provide Doc Care Health with information regarding your (name, mobile number, and email address) and such other information as requested by Doc Care Health on the Pro Practitioner registration page, in order to complete your registration. Upon registration, Doc Care Health will access non-personally identifiable information of your patients from your patient records. You agree to make your patients fully aware of such access. You have an option under these products to switch on ‘End-User Feedback’. This will mean that you are giving one or more patients’ contact details to Doc Care Health’s feedback system. End-Users may choose to send feedback anonymously too, in which case you agree that you have no objection to such anonymous feedback. The feedback system will then send an SMS and email to the patient(s) asking for feedback which may then be published on the Website. You agree to make your patients fully aware of the possibility of their receiving such feedback queries.