Privacy Policy

INTRODUCTION

This Privacy Statement applies to all personal data collected, maintained, transmitted, stored, retained, or otherwise used (i.e., "processed") by Tiberbu HealthNet. Our processing of your personal data is governed by the Kenya Data Protection Act 2019 ("KDPA") and, where applicable, the General Data Protection Regulation ("GDPR").


At Tiberbu HealthNet, we recognize the significance of privacy and are staunchly committed to ensuring the confidentiality, integrity, and security of your personal data. This Statement sets forth the comprehensive data protection and privacy practices that Tiberbu HealthNet has adopted to safeguard your rights.

INFORMATION WE COLLECT ABOUT YOU

The following categories of personal data may be collected by Tiberbu HealthNet: 


Information we collect from you

The categories of information that we collect directly from you include the following:

  • Identifiers, such as your name, postal address, email address, account name, or other similar identifiers ;
  • Protected characteristics, such as your gender, age, or other protected classifications under applicable law;

  •  Commercial information, such as information of reservation, or other consumption histories or tendencies;

  • Financial, medical, or health insurance information, such as bank or credit card numbers;


    Information we collect from you

    We collect information about you automatically through the use of cookies and similar technologies. You may be able to limit our ability to automatically collect certain types of information by adjusting the cookie settings on your web browsers. These categories of information include:

    • Identifiers, such as IP addresses, or other persistent identifiers;
    • Internet or other electronic network activity information, such as browsing history or information regarding your interaction with any websites, applications, or devices associated with the Services.



        LAWFUL BASIS FOR USING INFORMATION ABOUT YOU

        Your personal data is processed on the following lawful bases:

        • Consent: We will ask for your explicit consent for processing certain categories of your personal data.

        • Contractual Necessity: Processing necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract
        • Legal Obligations: Processing necessary for compliance with a legal obligation to which we are subject.

        • Legitimate Interests: Processing necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms.

        WHAT WE MAY USE YOUR PERSONAL DATA FOR

        We may use your personal data for purposes including, but not limited to:

        • Adherence to Legal Obligations: Ensuring compliance with legal and regulatory obligations laid out under Kenyan law or any other applicable legislation.

        • Research and Analytical Purposes: Evaluating how customers use our services in order to enhance the quality and user experience of our offerings.
        • Marketing and Communications: Providing updates, promotional material, and relevant health service offers, subject to your preferences and consent.
        •  Personalization of Services: Tailoring our services to meet your needs and preferences.

        In the European Union, we must have a legal basis to process your personal information. In most cases the legal basis will be one of the following:

        • To fulfil our contractual obligations to you, for example to provide the services, to ensure that invoices are paid correctly. Failure to provide this information may prevent or delay the fulfilment of these contractual obligations 
        • To comply with our legal obligations, for example obtaining proof of your identity.

        • To meet our legitimate interests, for example to understand how you use our products and services and to enable us to derive knowledge from that, which allows us to develop new products and services. When we process personal information to meet our legitimate interests, we put in place robust safeguards to ensure that your privacy is protected and to ensure that our legitimate interests are not overridden by your interests or fundamental rights and freedoms.


        SHARING INFORMATION ABOUT YOU

        Personal data In order to achieve our own business purposes, we may disclose your personal information to the following parties:

        • Service providers and business partners: We engage service providers and business partners (including hotel providers) to assist us with operating and providing you access to the Services. For example, to manage your booking, we need to share your data with the hotel owners. These service providers or business partners may perform marketing services, process secure payments, fulfill orders, optimize services, serve online behavioral advertising, send newsletters and marketing messages, support email and messaging services, and analyze information. Some of our service providers or business partners may engage their own service providers or business partners to further assist us. Unless otherwise specified, these companies will only use your personal information in the ways described in this Policy.
        • Where required by law: We may share your personal information with law enforcement agencies, courts, other government authorities or other third parties where we believe necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party.
        • In the context of a transaction: We may share your personal information with potential transaction partners, service providers, advisors, and other third parties in connection with the consideration, negotiation, or completion of a corporate transaction in which we are acquired by or merged with another company or we sell or transfer all or a portion of our assets or business.

        The following categories of your personal information may be shared with these parties:

        •  Identifiers;
        •  Protected characteristics;
        • Commercial information;
        • Financial, medical, or health insurance information;
        • Internet or other electronic network activity information.

        HOW WE WILL PROTECT YOUR INFORMATION

        We implement stringent reasonable security measures designed to safeguard the personal information we process through the Services. These measures are aimed at providing ongoing integrity and confidentiality for your personal information. These include, but not limited to: -

        a. Encryption Technologies During Data Transmission:

        We employ industry-standard encryption protocols, such as SSL/TLS, during the transmission of your personal information over the Internet. This encryption ensures that your data, such as login credentials, and personal identifiers, are securely transmitted and protected from unauthorized interception.

        b. Regular Cybersecurity Assessments of Our Infrastructure:

         Our dedicated security team conducts frequent and rigorous assessments of our digital infrastructure. These assessments include vulnerability scans, penetration testing, and audits to identify and remediate potential security risks, thereby ensuring the resilience of our systems against emerging cyber threats.

        c. Employee Training on Data Protection:

         We believe that a well-informed team is fundamental to data security. Therefore, all employees undergo comprehensive training in data protection and privacy. This training emphasizes the importance of confidentiality, the handling of sensitive information, and our company's data protection policies and procedures.

        d. Access Controls to Ensure Data Is Only Accessible to Authorized Personnel:

        Access to your personal information is strictly limited to authorized personnel who require it to perform their job functions. We enforce robust access control policies, including the use of multi-factor authentication, regular review of access privileges, and strict segregation of duties within our team.

        Additional Security Measures:

        e. Regular Data Backups:

        To prevent data loss in case of an incident, we perform regular backups of all personal information stored in our systems. These backups are encrypted and stored securely, ensuring that they can be reliably restored when necessary.

        f. Incident Response Plan:

        We have established a well-defined incident response plan to swiftly address any potential data breaches or security incidents. This plan includes procedures for containment, eradication, and recovery, as well as communication protocols to notify affected users and relevant authorities in a timely manner.

        g. Compliance with Legal and Regulatory Standards:

        We constantly update our security practices to align with legal and regulatory requirements, including GDPR, Kenya Data Protection Act 2019, and other data protection laws. We also engage with external experts for periodic compliance reviews and updates.

        HOW LONG WE WILL KEEP INFORMATION ABOUT YOU

        Personal data will be retained only for the minimum period necessary for the purposes for which it was collected, as required by contract or other legal compliance or for any period prescribed by applicable laws.

        Specifically, for personal data collected for the purpose of a DEMO REQUEST, such information will be deleted immediately after the demonstration has been provided to you. This is to ensure that we do not retain your details for any longer than is necessary for this specific processing activity.

        For all other data, retention periods shall be determined based on the need to fulfill the purposes outlined in this Privacy Statement, taking into account our need to answer queries or resolve problems, provide improved and new services, and comply with legal requirements under applicable laws. This means that we may retain your personal data for a reasonable period after your last interaction with us. When the personal data that we collect is no longer required in this way, we destroy or delete it in a secure manner.

        YOUR PERSONAL DATA RIGHTS

        You have the following rights concerning your personal data:

        a.  Access: To be informed of and request access to the personal data we process about you.

        b.  Rectification: To request that we amend or update your personal data where it is inaccurate or incomplete.

        c. Erasure: To request the deletion of your personal data.

        d. Restriction: To request that we temporarily or permanently stop processing all or some of your personal data.

        e. Object: To object to us processing your personal data on grounds relating to your particular situation and to object to your personal data being processed for direct marketing purposes.

        CHANGES TO THE POLICY

        We may modify or update this Policy from time to time. We encourage you to visit this Policy at least once per year to learn about any changes to the way we collect, use, or disclose your personal information. If we make a material change to this Policy, we will take reasonable steps to notify you, for example by posting a banner on the Services.

        CHANGING CONSENT PREFERENCE

        You may change your consent preferences or withdraw your consent at any time by contacting us using the details provided below.

        HOW TO CONTACT US

        For further inquiries or to exercise any of your rights, please contact us at:

        Email: privacy@tiberbu.com

        If you have concerns about our processing of your personal data, you are entitled to lodge a complaint with the Kenyan Data Protection Authority.

        This Privacy Statement is subject to updates and amendments. All modifications will be posted on our website and, if significant, we will provide a more prominent notice.

        Please be assured that Tiberbu HealthNet is unwavering in its commitment to uphold the privacy and security of your personal data.