Skip to main content

PRIVACY NOTICE FOR OTHER DATA SUBJECTS

This privacy notice applies to individuals who fall under the following categories:

  • Visitors (to our premises)
  • Neighbors
  • Members of the public
  • Persons sent from training institutions (including staff and registrars)
  • Vendors and vendor staff (natural persons)
  • Medical representatives
  • Contractor’s staff
  • Property administrators and landlords (including landlord staff, incidental persons, and tenants)
  • Statutory inspectors/regulators staff (natural persons)

1.1. Introduction

Gertrude’s Children’s Hospital (“Gertrude’s,” “we,” “us,” or “our”) is committed to protecting your privacy and handling your personal data responsibly, in accordance with the Data Protection Act, 2019, and other applicable laws and regulations in Kenya. This privacy notice explains how we collect, use, store, and process your personal data when you interact with us in a capacity other than as a patient, employee, job applicant, or student.

1.2. The Kind of Personal Data We Collect

Depending on the nature of your interaction with Gertrude’s, we may collect the following types of personal data:

  • Personal details: Name, title, gender, nationality, marital status, date of birth, place of birth, age, occupation, national identification/passport number, addresses, telephone numbers, personal email addresses, and social media accounts.
  • Hospital-related details: Purpose of contacting the Hospital (e.g., inquiring about services, reporting a complaint), responses to surveys or questionnaires, and any health conditions when participating in Hospital activities.
  • Donation/Fundraising details: Purpose of donation, amount of donation, related organization (if applicable), and bank account details or other payment information.
  • Communication details: Information contained in voice, messaging, letter, email, and other communications, as well as records of meetings and conversations.
  • Monitoring information: Use of the Hospital’s information and communications systems (e.g., website interaction, cookies, IP address, login data), use of Hospital facilities, interactions on social media, information from surveys or complaint claims, and information gathered through CCTV and building access logs.
  • Marketing data: Preferences for receiving marketing from the Hospital and related third parties, and communication preferences.
  • Vendor/Contractor details: Name, date of birth, title, job description, contact details, KYC/AML information, contractual details, and payment information.

1.3. Purposes of Processing

We process your personal data for the following purposes:

  • Facilitating access and security: Granting and managing access to Hospital premises and systems, ensuring the security of our facilities, and verifying identity.
  • Communication and relationship management: Responding to inquiries, providing information, managing complaints, and maintaining communication records.
  • Service provision and administration: Managing contracts with vendors and contractors, processing payments, and administering donations.
  • Public safety and legal compliance: Monitoring activities, complying with legal obligations, and protecting the safety of individuals on our premises.
  • Marketing and communication: Providing information about our services, conducting surveys, and managing marketing preferences (with opt-out options).

1.4. Lawful Basis for Processing

We process your personal data based on one or more of the following lawful bases:

  • Legitimate interests: Processing is necessary for our legitimate interests or the legitimate interests of a third party, provided your interests and rights do not override those interests.
  • Legal obligation: Processing is necessary for us to comply with the law.
  • Consent: You have given consent for us to process your data for a specific purpose.
  • Contract: Processing is necessary for the performance of a contract with you.
  • Public interest/official authority: Processing is necessary for a task carried out in the public interest or under official authority.

1.5. Disclosure of Your Personal Data

We may disclose your personal data to the following categories of recipients:

  • Hospital staff: Departments and individuals within Gertrude’s who need access to your data for specific purposes.
  • Service providers: Third-party vendors and contractors who provide services to us.
  • Regulatory authorities: Government agencies and regulatory bodies as required by law.
  • Other third parties: With your consent or as required by law.

1.6. Data Security

We have implemented appropriate technical and organizational measures to protect your personal data against unauthorized access, use, disclosure, alteration, or destruction.

1.7. Data Retention

We will retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law.

1.8. Your Data Protection Rights

You have rights under the Data Protection Act, 2019, including the right to access, rectify, erase, restrict processing, object to processing, and data portability. To exercise your rights, please contact our Data Protection Committee.

1.9. Contact Us

If you have any questions or concerns about this privacy notice or our data processing practices, please contact our Data Protection Committee dpc@gerties.org

Book Appointment