INTRODUCTION
This Privacy Statement applies to all personal data collected, maintained, transmitted, stored, retained, or otherwise used (i.e., "processed") by Tiberbu HealthNet. Our processing of your personal data is governed by the Kenya Data Protection Act 2019 ("KDPA") and, where applicable, the General Data Protection Regulation ("GDPR"). At Tiberbu
HealthNet, we recognize the significance of privacy and are staunchly committed
to ensuring the confidentiality, integrity, and security of your personal data.
This Statement sets forth the comprehensive data protection and privacy
practices that Tiberbu HealthNet has adopted to safeguard your rights. |
INFORMATION WE COLLECT ABOUT YOU
The following categories of personal data may be collected by Tiberbu HealthNet:
The categories of information that we collect directly from you include the following:
Information we collect from you We collect information about you automatically through the use of cookies and similar technologies. You may be able to limit our ability to automatically collect certain types of information by adjusting the cookie settings on your web browsers. These categories of information include:
|
LAWFUL BASIS FOR USING INFORMATION ABOUT YOU
Your personal data is processed on the following lawful bases:
|
WHAT WE MAY USE YOUR PERSONAL DATA FOR
We may use your personal data for purposes including, but not limited to:
In the European Union, we must have a legal basis to process your personal information. In most cases the legal basis will be one of the following:
|
SHARING INFORMATION ABOUT YOU
Personal data
In order to achieve our own
business purposes, we may disclose your personal information to the following
parties:
The following categories of your personal information may be shared with these parties:
|
HOW WE WILL PROTECT YOUR INFORMATION
We implement
stringent reasonable
security measures designed to safeguard the personal information we process
through the Services. These measures are aimed at providing ongoing integrity
and confidentiality for your personal information. These include, but not
limited to: - a. Encryption
Technologies During Data Transmission: We employ
industry-standard encryption protocols, such as SSL/TLS, during the
transmission of your personal information over the Internet. This encryption
ensures that your data, such as login credentials, and personal identifiers,
are securely transmitted and protected from unauthorized interception. b. Regular
Cybersecurity Assessments of Our Infrastructure: Our dedicated security team conducts frequent
and rigorous assessments of our digital infrastructure. These assessments
include vulnerability scans, penetration testing, and audits to identify and
remediate potential security risks, thereby ensuring the resilience of our
systems against emerging cyber threats. c. Employee
Training on Data Protection: We believe that a well-informed team is
fundamental to data security. Therefore, all employees undergo comprehensive
training in data protection and privacy. This training emphasizes the
importance of confidentiality, the handling of sensitive information, and our
company's data protection policies and procedures. d. Access
Controls to Ensure Data Is Only Accessible to Authorized Personnel: Access to
your personal information is strictly limited to authorized personnel who
require it to perform their job functions. We enforce robust access control
policies, including the use of multi-factor authentication, regular review of
access privileges, and strict segregation of duties within our team. Additional
Security Measures: e. Regular
Data Backups: To prevent
data loss in case of an incident, we perform regular backups of all personal
information stored in our systems. These backups are encrypted and stored
securely, ensuring that they can be reliably restored when necessary. f. Incident
Response Plan: We have
established a well-defined incident response plan to swiftly address any
potential data breaches or security incidents. This plan includes procedures
for containment, eradication, and recovery, as well as communication protocols
to notify affected users and relevant authorities in a timely manner. g. Compliance
with Legal and Regulatory Standards:
We constantly
update our security practices to align with legal and regulatory requirements,
including GDPR, Kenya Data Protection Act 2019, and other data protection laws.
We also engage with external experts for periodic compliance reviews and
updates. |
HOW LONG WE WILL KEEP INFORMATION ABOUT YOU
Personal
data will be retained only for the minimum period necessary for the purposes
for which it was collected, as required by contract or other legal compliance
or for any period prescribed by applicable laws. Specifically,
for personal data collected for the purpose of a DEMO REQUEST, such information
will be deleted immediately after the demonstration has been provided to you.
This is to ensure that we do not retain your details for any longer than is
necessary for this specific processing activity.
For all
other data, retention periods shall be determined based on the need to fulfill
the purposes outlined in this Privacy Statement, taking into account our need
to answer queries or resolve problems, provide improved and new services, and
comply with legal requirements under applicable laws. This means that we may
retain your personal data for a reasonable period after your last interaction
with us. When the personal data that we collect is no longer required in this
way, we destroy or delete it in a secure manner. |
YOUR PERSONAL DATA RIGHTS
You have
the following rights concerning your personal data: a. Access: To be informed of and request
access to the personal data we process about you. b. Rectification: To request that we amend or
update your personal data where it is inaccurate or incomplete. c. Erasure: To request the deletion of your
personal data. d. Restriction: To request that we temporarily or permanently stop processing all or some of your personal data. e. Object: To object to us processing your personal data on grounds relating to your particular situation and to object to your personal data being processed for direct marketing purposes. |
CHANGES TO THE POLICY
We may modify or update this Policy from time to time. We encourage you
to visit this Policy at least once per year to learn about any changes to the
way we collect, use, or disclose your personal information. If we make a
material change to this Policy, we will take reasonable steps to notify you,
for example by posting a banner on the Services. |
CHANGING CONSENT PREFERENCE
You may
change your consent preferences or withdraw your consent at any time by
contacting us using the details provided below. |
HOW TO CONTACT US
For
further inquiries or to exercise any of your rights, please contact us at: Email: privacy@tiberbu.com If you
have concerns about our processing of your personal data, you are entitled to
lodge a complaint with the Kenyan Data Protection Authority. This
Privacy Statement is subject to updates and amendments. All modifications will
be posted on our website and, if significant, we will provide a more prominent
notice. Please be assured that Tiberbu HealthNet is unwavering in its commitment to uphold the privacy and security of your personal data. |