Logo
Follow Us:
Privacy Policy

Guru Nanak Hospital

Protecting your privacy with the highest standards of care

Guru Nanak Hospital Privacy Policy

Guru Nanak Ramgarhia Sikh Hospital (GNRSH) being a data controller and processor is committed to responsibly protecting the privacy of all stakeholders' information including your personal information. This is in accordance with the Kenya Data Protection Act, 2019, Data Protection (General) Regulations, 2021, Data Protection (Complaint Handling Procedure and Enforcement) Regulations, 2021, Data Protection (Registration of Data Controllers and Data Processors) Regulations, 2021 and the Data Protection (Civil Registration) Regulations, 2020.

1. Information We Collect

With your consent, we collect and process both Personal Data and Sensitive Personal Data.

Personal Data we collect include:

  • Personal identification details (e.g., name, ID/passport number, date of birth, contact information, gender)
  • Physical Address
  • Next-of-kin or emergency contact details
  • Bank Details (where necessary)
  • Any other information necessary for provision of healthcare services

Sensitive Personal Data we collect include:

  • Medical history and clinical records
  • Diagnostic and test results
  • Medication and Prescription Information
  • Payment and Insurance information

GNRSH may collect or process the personal information of third parties that access the Hospital premises/services, including CCTV footage, gate records, or electronic identifiers, for security and traceability.

2. Purpose for Data Collection and Processing

The purpose for data/information collection and processing includes:

  • Provision of medical care and treatment
  • Patient identification and record keeping
  • Billing, insurance claims, and payment processing
  • Communication regarding your care
  • Legal and regulatory compliance
  • Health research and statistical reporting (where applicable)
  • Consent (where applicable)
  • Security and traceability

3. Data Sharing and Disclosure

Your data/information can only be shared or disclosed with:

  • Authorized healthcare providers involved in your care
  • Insurance companies and third-party payers
  • Government and regulatory authorities as required by law
  • Service providers supporting hospital operations (under strict confidentiality agreements)

Security of User Data

We do not sell or unlawfully disclose patient information to third parties. We do not transfer your personal information to an overseas recipient unless we have your consent or are required to do so by law for legal and adequacy safeguards.

In regards to data security, we implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, or disclosure. Access to patient information is restricted to authorized personnel only.

4. Patient Rights

In accordance with the Data Protection Act, 2019, you have the right to:

  • Access your personal data
  • Request correction of inaccurate or incomplete data
  • Withdraw consent where applicable
  • Object to processing of your data under certain circumstances
  • Data Deletion (Erasure)
  • Receive the personal data that you have provided to a controller in a structured, commonly used and machine-readable format and, if desired, transmit that data to another controller
  • Lodge a complaint with the Office of the Data Protection Commissioner (ODPC)

5. Data Retention

We retain personal and medical records for as long as necessary to fulfill the purposes outlined in this statement and in accordance with legal and regulatory requirements.

Consent

Where required we will seek your consent to the collection and use of your personal data as described in this Privacy Statement, unless otherwise stated or required by law.

Complaints & Contact Information

If you have a complaint about the privacy of your personal or health information, we request that you contact us at +254 709 157000, +254 722 203884, or info@gnrsh.co.ke. Upon receipt of a complaint, we will consider the details and resolve it in accordance with our complaints handling procedures.

Data Protection Principles

GNRSH personal data and sensitive personal data is treated based on lawfulness, fairness, and transparency, purpose limitation, data minimization, accuracy, storage limitation and data localization, integrity, confidentiality and accountability.

Chat with us