Privacy Policy

Last Updated: May 6, 2025

1. Introduction

Summary: We are committed to protecting your privacy in both Kenya and Uganda. This policy explains how we collect, use, and protect your personal data in compliance with applicable laws.

MDZuri Healthcare Platform is committed to safeguarding the privacy of its users in both Kenya and Uganda. This Privacy Policy outlines the practices concerning the collection, use, processing, storage, and protection of personal data in compliance with the Data Protection Act 2019 of Kenya and the Data Protection and Privacy Act 2019 of Uganda. By accessing and utilizing the MDZuri platform, users signify their consent to the data handling practices described herein.

The platform's commitment to user privacy is paramount, especially given the sensitive nature of healthcare data involved in telemedicine services. While the act of using the platform implies a general agreement with this policy, specific data processing activities, especially those involving sensitive personal data, will require explicit consent from the user.

2. Information We Collect

Summary: We collect personal, health, and technical information needed to provide our services. This includes identification details, medical history, payment information, and device data.

2.1 Types of Personal Information Collected

We collect the following categories of information:

  • Identification Details: Name, date of birth, gender, email address, phone number, and physical address.
  • Verification Information: National identification numbers or other government-issued identification details when necessary for account verification.
  • Health Information: Medical history, reported symptoms, diagnoses, prescriptions, treatment plans, diagnostic reports, consultation notes, and insurance details if applicable.
  • Payment Details: Credit or debit card information, bank account details, and billing addresses for users who subscribe to premium services or make payments.
  • Technical & Usage Data: IP addresses, geolocation data, device information, browser type, operating system, device identifiers, and data collected through cookies and similar technologies.
  • Communication & Customer Support Data: Inquiries, support requests, feedback, survey responses, reviews, and records of interactions with our customer service team.
  • Dependent Information: Personal and medical details of individuals (like children, elderly individuals, or those with disabilities) whose accounts are managed by caregivers.

2.2 Methods of Collection

We collect information directly from users when they create an account, complete forms, use platform features, or communicate with our support team. Information is also collected automatically through cookies and tracking technologies. Additionally, we may collect information from healthcare providers or other sources with your explicit consent.

3. How We Use Your Information

Summary: We use your information to provide healthcare services, personalize your experience, process payments, ensure security, comply with laws, communicate with you, and improve our services.

We use your information for the following purposes:

  • Delivering Healthcare Services: Facilitating telemedicine consultations, providing diagnoses, developing treatment plans, issuing prescriptions, and offering health education resources.
  • Enhancing User Experience: Personalizing interactions and optimizing platform performance based on preferences and behavior.
  • Processing Payments: Securely processing payments and managing subscriptions for premium services.
  • Ensuring Platform Security: Protecting user accounts from unauthorized access and preventing fraud.
  • Legal Compliance: Adhering to healthcare laws and data protection regulations in Kenya and Uganda.
  • Communication: Sending service updates, important notifications, appointment reminders, and health-related content.
  • Service Improvement: Analyzing and enhancing service effectiveness using primarily anonymized and aggregated data.
  • Research: Contributing to medical knowledge through anonymized and aggregated data for research and public health initiatives.
  • Customer Support: Addressing user issues and providing assistance.

4. Data Security Measures

Summary: We implement robust security measures including encryption, access controls, regular audits, and staff training to protect your sensitive health information.

We implement robust technical and organizational safeguards to protect your data, including:

  • Encryption of sensitive data during transmission and storage
  • Secure cloud storage with role-based access control
  • Multi-factor authentication (MFA) for enhanced account security
  • Regular security audits and vulnerability assessments
  • Firewalls and intrusion detection systems
  • Secure telehealth platforms adhering to high security standards
  • Comprehensive data security policies and procedures
  • Regular staff training on data privacy and security practices
  • Detailed data breach response plans
  • Confidentiality agreements with employees and third-party service providers
  • Physical security measures for data storage facilities

While we are committed to employing these robust security measures, no online system can guarantee absolute security. We encourage users to take personal precautions such as using strong, unique passwords and exercising caution when using public Wi-Fi networks.

5. Data Retention Policy

Summary: We keep your data only as long as necessary for providing services, complying with laws, resolving disputes, or for legitimate business purposes.

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with applicable legal and regulatory requirements. Retention periods are determined based on:

  • The necessity to fulfill contractual obligations and ensure continuity of healthcare services
  • Compliance with legal, tax, and regulatory obligations in Kenya and Uganda
  • Potential resolution of disputes or enforcement of our Terms of Service
  • Legitimate business purposes such as internal analysis and service improvement

Once the retention period expires, data is securely deleted or anonymized to prevent future identification.

6. Your Rights Under Data Protection Laws

Summary: You have rights to access, correct, delete, restrict processing of, and object to processing of your personal data under Kenyan and Ugandan data protection laws.

Under Kenyan and Ugandan data protection laws, you have several rights regarding your personal data:

  • Right to Access: Request a copy of your personal data held by MDZuri
  • Right to Rectification: Correct any inaccurate or incomplete information
  • Right to Erasure: Request deletion of your personal data (subject to legal limitations)
  • Right to Restrict Processing: Limit how your data is processed in specific circumstances
  • Right to Object to Processing: Oppose processing for certain purposes, such as direct marketing
  • Right to Data Portability: Receive data in a portable format (where technically feasible)
  • Right to be Informed: Be informed about the use of your personal data
  • Right to Compensation: Seek compensation for damage due to unlawful processing

To exercise these rights, please contact us using the information in Section 14. You may also lodge complaints with the Office of the Data Protection Commissioner (ODPC) in Kenya or the Personal Data Protection Office (PDPO) in Uganda.

7. Sharing Your Information with Third Parties

Summary: We share your information with healthcare providers, service partners, and when legally required. We do not sell your personal data to third parties for marketing.

We may share your personal data with these categories of third parties:

  • Healthcare Providers: Doctors, specialists, and laboratories who deliver telemedicine services
  • Service Providers: Partners who assist with payment processing, data analytics, customer support, IT services, marketing activities, and cloud storage
  • Legal Authorities: Government agencies when required by law or in response to legal processes
  • Business Partners: In case of merger, acquisition, or sale of assets
  • Research Entities: For research and public health purposes, using only anonymized and aggregated data

We do not sell your personal data to third parties for their direct marketing purposes. When sharing data with third parties, we ensure they implement appropriate data protection measures through contractual agreements.

8. Cross-Border Data Transfers

Summary: As we operate in both Kenya and Uganda, we may transfer your data between these countries with appropriate safeguards and necessary consents.

As we operate in both Kenya and Uganda, there may be transfers of personal data between these countries. We ensure such transfers comply with the Data Protection Act 2019 (Kenya) and the Data Protection and Privacy Act 2019 (Uganda), implementing appropriate safeguards and obtaining necessary consents, particularly for sensitive personal data.

For transfers to other countries, we utilize standard contractual clauses or other legally recognized mechanisms to ensure your data remains protected according to the data protection laws of both Kenya and Uganda.

9. Use of Cookies and Tracking Technologies

Summary: We use cookies and similar technologies to improve functionality, analyze usage, and enhance your experience. You can manage cookie preferences through your browser settings.

We use cookies, web beacons, and similar tracking technologies to collect information about your browsing activities. These include:

  • Essential Cookies: Necessary for the platform to function correctly
  • Analytics Cookies: Help us understand how users interact with the platform
  • Functional Cookies: Remember preferences to enhance user experience
  • Advertising Cookies: May be used to deliver relevant advertisements (with consent where required)

You can manage cookie preferences through your browser settings or our cookie consent banner if available.

10. Children's Privacy

Summary: For users under 18, we require parental or guardian consent. We limit collected information to what is necessary for the specific services requested.

We are committed to protecting children's privacy. For users under 18, we require verifiable parental or guardian consent before collecting and processing personal data. The information collected from children is limited to what is necessary for the specific telemedicine services requested.

Parents and guardians have the right to review, modify, or request deletion of their children's personal data held by MDZuri.

11. Compliance with Data Protection Laws

Summary: We comply with both Kenyan and Ugandan data protection laws, ensuring lawful processing, security measures, and respect for user rights.

We affirm our commitment to complying with both the Data Protection Act 2019 of Kenya and the Data Protection and Privacy Act 2019 of Uganda. This includes:

  • Ensuring lawful, fair, and transparent processing of personal data
  • Obtaining appropriate consent, especially for sensitive personal data
  • Implementing robust security measures
  • Respecting the rights of data subjects
  • Registering with relevant data protection authorities
  • Appointing data protection officers as needed

12. Data Breach Notification

Summary: In case of a data breach, we will notify relevant authorities and affected individuals according to legal requirements, explaining the breach and our response.

In the event of a data breach that poses a high risk to individual rights and freedoms, we will:

  • Notify the relevant data protection authorities in Kenya (ODPC) and Uganda (PDPO) according to legal timelines
  • Inform affected individuals about the nature of the breach, potential consequences, and measures taken to address it
  • Take immediate steps to contain and mitigate the breach

13. Changes to This Privacy Policy

Summary: We may update this policy occasionally. Significant changes will be communicated to you, and continued use of our platform indicates acceptance of updates.

We reserve the right to update this Privacy Policy at any time. When significant changes are made, we will notify users through prominent notices on the platform or via email. The latest version will always be accessible on the MDZuri platform, with the last update date clearly displayed.

By continuing to use the platform after changes become effective, users accept the revised policy.

14. Contact Us

Summary: For questions or concerns about your privacy and data protection, please contact us using the information below.

For questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact us at:

MDZuri Healthcare Ltd
ENT Building, 3rd Floor, Room D5
Biashara Street
P.O Box 54321, 00200 - City Square
Kiambu, Kenya

Email: privacy@mdzuri.com
Phone: (+256) 779724255

We are committed to addressing your inquiries and resolving any concerns regarding your privacy and data protection.