Imani Health Privacy Policy
This Privacy Policy outlines how IH Wallet Ltd (Imani Health) collects, uses, discloses, and protects your personal information when you use our healthcare savings wallet app.
1. Information We Collect
- Personal Information: Name, ID number, contact information (email, phone number), financial information (IH account balance, payment details to different healthcare providers)
- Usage Data: Information about how you use the app, such as features used, frequency of use, and app performance data.
2. How We Collect Information
- Information provided directly by you, such as when you create an account or make a transaction.
- Information collected automatically when you use the app, such as features used, frequency of use and usage data.
3. How We Use Your Information
- To provide and improve our healthcare savings wallet services.
- To process transactions and payments.
- To communicate with you about your account and app updates.
- To detect and prevent fraud.
- To comply with legal obligations.
4. Information Sharing
- We DO NOT share your information with other third-party providers unless as a legal requirement from law enforcement or government agencies as required by law or legal process.
- Some trusted third-party service providers however may access to your data e.g. payment processors, hospital/healthcare facilities and cloud service providers where the data is stored.
5. Data Security
We implement reasonable security measures to protect your personal information from unauthorized access, use, disclosure, alteration, or destruction. However, no method of transmission over the internet or electronic storage is completely secure. Should there be a data breach, we will take all reasonable steps to stop it immediately, inform you of the breach and offer mediation and solutions for the same soonest possible.
6. Data Retention
We retain your personal information for as you have an active account with us and thereafter as for as long as necessary to fulfill the purposes outlined in this Privacy Policy and in Kenya’s rule of law, unless a longer retention period is required or permitted by law.
7. Your Rights
As a user, you have the right to access, correct, or delete your personal information. This can be done on the mobile application. You may also have the right to object to or restrict the processing of your personal information. To exercise these rights, please contact info@imanihealth.co.ke or 01healthyangu@gmail.com
1.0 Data Processing
- We only process personal data for lawful purposes and in a transparent manner.
- We’ll ensure that personal data is accurate, kept up to date
- Data collected will be processed securely. We have implemented appropriate technical and organizational measures to ensure that personal data is protected against unauthorized or unlawful processing, accidental loss, destruction or damage.
- Personal information and sensitive data collected will be processed for specified, explicit, and legitimate purposes, and not further processed in a manner that is incompatible with those purposes.
- Personal information and sensitive data will be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
2.0 Data Retention
We’ll only retain personal data for as long as necessary to fulfil the purposes for which it was collected or as required by law. We’ll regularly review our retention periods and delete personal data that is no longer required.
3.0 Data Subject Rights
We respect the rights of data subjects and shall ensure that they are able to exercise their rights under applicable data protection regulations.
- We shall provide data subjects with information about our processing of their personal data, and we shall respond promptly to requests to access, correct, delete or restrict the processing of personal data.
- We shall also provide data subjects with the right to object to the processing of their personal data, and we shall ensure that we have appropriate procedures in place to handle such objections.
4.0 Data Breaches
In the event of a data breach, the organization will follow the following procedures:
- Contain the breach
- Assess the impact of the breach
- Notify affected individuals and the relevant authorities as required by law
- Conduct an investigation to determine the cause and scope of the incident.
- Take appropriate measures to contain the incident and prevent further damage.
- Develop a remediation plan to address any vulnerabilities or weaknesses in the system.
- Take steps to prevent a similar breach from occurring in the future
5.0 Third-Party Processors
We’ll ensure that third-party processors who process personal data on our behalf are compliant with applicable data protection regulations and have appropriate technical and organizational measures in place to protect personal data.
Sensitive data will be transferred securely, using encryption and other security measures, to prevent interception or unauthorized access.
All data transfers will be logged and audited, and any suspicious activity to be reported immediately.
These third party processors are the custodian banks who have their own data protection and privacy policies.
6.0 Training and Awareness
We’ll provide regular training to our employees on data protection regulations, our data protection policies and procedures, and the importance of protecting personal data. We shall also maintain awareness campaigns to ensure that our employees remain vigilant in protecting personal data.
7.0 Monitoring and Review
This data protection plan is a living document that will be regularly reviewed and updated to ensure it remains effective.
Our company is committed to protecting personal data and will continue to implement policies and procedures to ensure that we meet our obligations under data protection laws and regulations.
8.0 Privacy policy
Our privacy policy about how data will be collected, processed and retained is available to all clients via the application and on the website.