
Privacy Policy

Our data privacy statement

Coptic Hospital Data Privacy Statement

At Coptic Hospital, we are dedicated to delivering compassionate and high-quality healthcare to all. In doing so, we recognize the importance of protecting the personal and sensitive information of every patient, staff member, partner, vendor, and supplier.

We process personal data in accordance with the Kenyan Data Protection Act, 2019, and its accompanying regulations including the Data Protection (General) Regulations, 2021, and other relevant legal provisions governing data handling in Kenya. Coptic Hospital is duly registered as both a Data Controller and Data Processor under Section 18 of the Act.

Our commitment to protecting your data is woven into every part of our operations. We have appointed a Data Protection Officer (DPO) who can be reached at dpo@coptichospitals.org for any privacy concerns or requests related to your data.

1. Our Approach to Data Privacy

We treat all personal information with care, fairness, and integrity. Whether you are receiving care, applying for a job, supplying goods, or partnering with us, Coptic Hospital upholds the following data protection principles:

Lawfulness, Fairness, and Transparency

  • We collect and process personal data only when we have a legal basis for doing so, such as patient consent, contractual necessity, legal obligation, or public interest.
  • We ensure that individuals are informed clearly and in advance about what data is being collected, why, and how it will be used.
  • Our processes are designed to be fair and equitable, avoiding any form of manipulation or misrepresentation.

Purpose Limitation

Personal data is collected only for clearly defined, lawful, and specific purposes, such as patient treatment, billing, public health reporting, or recruitment. We do not reuse personal data for a purpose incompatible with the original reason for which it was collected, unless we obtain fresh consent or there is a lawful exemption.

Data Minimization

We collect only the minimum amount of data necessary to fulfill the intended purpose.

Accuracy

We strive to ensure that all personal data is accurate, complete, and up to date. Inaccurate or outdated data is corrected or deleted without undue delay.

Storage Limitation

Personal data is retained only for as long as it is needed to fulfill the purpose for which it was collected, or as required by law. Once the retention period lapses, data is either safely deleted or archived in a secure, de-identified format.

Integrity and Confidentiality

We apply strong technical and organizational safeguards to protect personal data against unauthorized access, accidental loss, destruction, or misuse.

Accountability

Coptic Hospital takes full responsibility for ensuring compliance with the Data Protection Act. We have established governance structures, including the appointment of a Data Protection Officer (DPO).

2. Categories of Data We Collect

a. Personal Data

Names, ID numbers, contacts, addresses, nationality, employment information, etc.

b. Sensitive Personal Data

Health records, marital status, religious beliefs, genetic and biometric data, next-of-kin details.

3. Why We Collect and Use Your Data

  • Providing medical and diagnostic services.
  • Responding to emergencies.
  • Managing patient admissions, appointments, and billing.
  • Maintaining health records as required by law.
  • Complying with regulatory and public health reporting.
  • Managing staff, suppliers, consultants, and security.
  • Conducting research with ethical approvals.

4. Lawful Basis for Processing Data

  • Explicit consent
  • Contractual necessity
  • Legal obligation
  • Vital interests (health/life)
  • Public interest
  • Legitimate interests

5. Data Collection Methods

  • Hospital registration (manual/electronic)
  • Medical consultations
  • CCTV
  • Application or tender processes
  • Website cookies
  • Third parties like insurers/referrals

6. Your Rights

  • Be informed
  • Access data
  • Correct/delete inaccurate data
  • Object to processing
  • Withdraw consent
  • Data portability
  • Complain to Data Commissioner

7. Sharing of Personal Data

  • Regulatory bodies
  • Insurance companies
  • Research institutions (with clearance)
  • Advisors, ICT providers, law enforcement

Data will not be transferred outside Kenya unless permitted by law and subject to safeguards.

8. Use of Cookies and Website Tracking

Our website may use cookies to provide a better user experience. You may disable them in your browser settings.

9. Data Security Measures

  • Role-based access
  • Encryption
  • Staff training
  • Breach response procedures

10. Contacting the Data Protection Officer

Email: dpo@coptichospitals.org
Phone: +254(0)711043120