
1.1 3rd Park Hospital (“the Hospital”) respects the privacy of patients, visitors, employees, suppliers and other individuals whose personal information is processed by the Hospital and is committed to protecting such information.
1.2 This Privacy Notice explains how the Hospital collects, uses, stores, discloses and protects personal information when individuals visit the Hospital’s website, access healthcare services, communicate with the Hospital, apply for employment, engage with the Hospital as suppliers or service providers, or otherwise interact with the Hospital.
1.3 This Privacy Notice is issued in accordance with the Data Protection Act, 2019, the Data Protection Regulations, the Health Act, 2017 and other applicable laws of Kenya.
1.4 By accessing our website or using our services, you acknowledge that you have read and understood this Privacy Notice.
2.1 The Hospital is a Data Controller and, where applicable, a Data Processor in respect of personal information processed in the course of its operations.
2.2 The Hospital is committed to ensuring that personal information is processed lawfully, fairly, transparently and securely.
3.1 Depending on your interaction with us, the Hospital may collect the following categories of personal information:
a) Personal Information
b) Patient and Health Information
c) Insurance and Financial Information
d) Employment and Recruitment Information
e) Website Information
f) Security Information
3.2 The Hospital relies on the accuracy of personal information provided to it. Data subjects are encouraged to promptly notify the Hospital of any changes or inaccuracies in their personal information.
4.1 The hospital may collect personal information:
a) Directly from you during registration, consultation, admission, treatment
or discharge;
b) Through our website, online forms, patient portals and appointment booking platforms;
c) Through telemedicine services and electronic communication channels;
d) From insurance companies, employers, referring healthcare providers and other authorised third parties;
e) During recruitment and employment processes; and
f) Through CCTV systems and visitor management processes.
5.1 The Hospital may process personal information for the following purposes:
a) Providing healthcare services and patient care;
b) Maintaining patient and medical records;
c) Scheduling appointments and communicating with patients;
d) Processing payments and insurance claims;
e) Managing recruitment and employment processes;
f) Improving our services and patient experience;
g) Maintaining security and preventing fraud;
h) Complying with legal and regulatory obligations;
i) Responding to complaints, incidents and legal claims; and
j) Conducting clinical audits, quality improvement initiatives, medical
education, research and statistical analysis, subject to applicable legal,
ethical and confidentiality requirements.
6.1 Where personal information is required to provide healthcare services, verify identity, process insurance claims, comply with legal obligations or perform contractual obligations, failure to provide such information may limit the Hospital’s ability to provide the requested services.
7.1 The Hospital process personal information where:
a) You have provided your consent;
b) Processing is necessary for the provision of healthcare services;
c) Processing is required to comply with a legal obligation;
d) Processing is necessary to protect your vital interests or those of another person; or
e) Processing is necessary for the legitimate operational interests of the Hospital.
8.1 The hospital may share personal information with:
a) Healthcare professionals involved in your care;
b) Laboratories, pharmacies and diagnostic centres;
c) Medical insurers and healthcare funders;
d) Service providers supporting our operations;
e) Professional advisers and auditors; and
f) Government agencies, regulators and law enforcement authorities where required by law.
8.2 The Hospital does not sell personal information to third parties.
9.1 The Hospital may transfer personal information outside Kenya where necessary for the provision of services, operational requirements or other lawful purposes.
9.2 Where personal information is transferred outside Kenya, the Hospital shall ensure that appropriate safeguards are in place and that such transfers comply with the Data Protection Act, 2019 and applicable regulations.
10.1 The Hospital maintains appropriate physical, technical and organisational safeguards to protect personal information against unauthorised access, disclosure, loss, misuse, alteration or destruction.
10.2 Access to personal information is restricted to authorised personnel who require such information for legitimate purposes.
11.1 The Hospital maintains procedures for identifying, investigating, managing and responding to actual or suspected personal data breaches.
11.2 Where required by law, affected individuals and relevant regulatory authorities shall be notified of personal data breaches within the prescribed timelines.
12.1 Personal information shall be retained only for as long as necessary to fulfil the purposes for which it was collected and to comply with applicable legal, regulatory and professional requirements.
12.2 Medical records shall be retained in accordance with applicable healthcare laws, professional standards and regulatory requirements.
13.1 Subject to Data Protection Act and other applicable laws, you have the right to:
a) Be informed about the processing of your personal data;
b) Access your personal data;
c) Request correction of inaccurate or incomplete data;
d) Object to certain processing activities;
e) Withdraw consent where processing is based on consent;
f) Request deletion of personal information where legally permissible;
g) Request restriction of processing where applicable; and
h) Lodge a complaint where you believe your personal data has been
processed unlawfully or in violation of your rights.
13.2 Requests relating to personal data, including requests for access, correction, deletion, restriction of processing, withdrawal of consent or any other data subject rights, may be submitted to the Hospital at [email protected].
14.1 The Hospital’s website may use cookies and similar technologies to improve functionality, enhance user experience and analyse website usage.
14.2 You may manage cookie preferences through your browser settings.
15.1 Patient information and medical records are confidential.
15.2 Access to patient records is restricted to authorised personnel and other persons permitted by law or authorised by the patient.
15.3 The Hospital maintains appropriate safeguards to ensure the confidentiality, integrity and availability of patient information.
16.1 The Hospital’s website may contain links to external websites. The Hospital is not responsible for the privacy practices or content of such websites and encourages users to review the privacy notices of those websites.
17.1 If you believe that your personal data has been processed unlawfully or that your rights have been infringed, you may submit a complaint to the Hospital by email at [email protected].
17.2 You also have the right to lodge a complaint with the Office of the Data Protection Commissioner.
18.1 The Hospital may amend this Privacy Notice from time to time.
18.2 Any changes shall be published on the Hospital’s website together with the revised effective date.