The Emergency Medicine Kenya Foundation (EMKF) is a not-for-profit public benefit organization founded in 2015 by local healthcare professionals to help guide and inform the development of a sustainable emergency medical care system in Kenya appropriate for the local healthcare system.
Protecting your data, privacy and personal data is very important to EMKF. It is vitally important to us that our users feel secure when using our services, platforms, applications, and sites (the “Services”) and the information that we provide.
Interpretation and Definitions
The words of which the initial letter is capitalised have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.
- Account means a unique account created for You to access our Service or parts of our Services.
- Affiliate means an entity that controls is controlled by or is under common control with a party, whereas “control” means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.
- Application means the software program provided by the Organisation downloaded by You on any electronic device, named Casualty App
- Country refers to Kenya
- Data Controller refers to the Organisation as the legal person who, alone or jointly with others, determines the purposes and means of processing Personal Data.
- Device means any device that can access the Service, such as a computer, a cell phone or a digital tablet.
- Organisation (referred to as either “the Organisation”, “We”, “Us”, or “Our” in this Agreement) refers to Emergency Medicine Kenya Foundation, Park Place Business Centre, Park Place Building, 2nd Floor 2nd Parklands Avenue off Limuru Road, Nairobi, Kenya.
- Personal Data is any information that relates to an identified or identifiable individual.
- Services refer to the Organisation’s services, platforms, applications, and sites
- Service Provider means any natural or legal person who processes the data on behalf of the Organisation. It refers to third-party companies or individuals employed by the Organisation to facilitate the Service, to provide the Service on behalf of the Organisation, to perform services related to the Service or to assist the Organisation in analysing how the Service is used.
- Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
- You means the individual accessing or using the Service, the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.
General Overview of Our Data Processing in Connection with the Services
You will be asked to provide us with your information when you:
- Fill in forms on our websites, our Casualty Application, and our digital assets (such as Facebook, Instagram, Twitter, Telegram, YouTube, WhatsApp, Instagram, LinkedIn or correspond with us by SMS, phone, email, or otherwise;
- Register/enrol to use our services; training, quiz, webinars, and talks, subscribe to our Website and receive emails in regard to future events, talks, training, and webinars.
- Access our online shop to purchase our products.
- Access our Casualty App as a healthcare provider or the general public.
- Request to join our team/ get involved/ donate to our cause.
- Fill in or complete any quizzes.
The information you will be asked to provide us for these purposes may include your name, gender, date of birth, phone number, services you received, locations, or further information required to verify your identity, such as an image of your face.
Specific Processing Activities, Type, and Purpose of their Use
When You Use Our Websites
Types of data: IP address of the requesting device, date and time of access, name and URL of the requested file, the Website from which access is obtained (“Referrer URL”), browser used, and, where applicable, your device’s operating system and the identity of your access provider.
Uses of that data: We use the above data to provide you with access to our Website, ensure that the Website can establish an internet connection smoothly and is easy to use, analyse the system security and stability, as well as for additional administrative purposes.
Use justification: Legitimate interests, Kenya Data Protection Act 2019. Our legitimate interest is based on the data collection purposes listed above. We do not use the data collected for the purpose of identifying you. You are not obliged to provide the above Personal Data. However, you will not be able to access our Websites if such Personal Data are not provided.
The Organisation will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or improve the functionality of Our Website. We are legally obligated to retain this data for more extended periods.
When You Use Our Casualty Application
Types of data: For a better experience while using Our Casualty Application (“Application”), We ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally, identifiable information includes:
Usage Data: Usage Data is collected automatically when using the Application. Usage Data may include information such as Your Device’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
When You access the Application by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device’s unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.
We may also collect information that Your browser sends whenever You visit Our Application or when You access the Application by or through a mobile device.
Information Collected while Using the Application: While using Our Application, in order to provide features of Our Application, We collect, with Your prior permission:
- Information regarding your location
We use this information to provide features of Our Application and to improve and customise Our Application. The information may be uploaded to the Organisation’s servers and/or a Service Provider’s server or stored on Your device.
You can enable or disable access to this information anytime through Your Device settings.
Uses of that data: The Organisation may use Personal Data for the following purposes:
- To provide and maintain our Application, including monitoring the usage of our Application.
- To manage Your Account: to manage Your registration as a user of the Application. The Personal Data You provide can give You access to different functionalities of the Service that are available to You as a registered user.
- For the performance of a contract: the development, compliance and undertaking of the purchase contract for the products, items or services You have purchased or of any other contract with Us through the Application.
- To contact You: To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application’s push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.
- To provide You with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless You have opted not to receive such information.
- To manage Your requests: To attend and manage Your requests to Us.
- For Organisation transfers: We may use Your information to evaluate or conduct a merger, divestiture, restructuring, reorganisation, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Us about our Application users is among the assets transferred.
- For other purposes: We may use Your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Service, products, services, marketing and your experience.
We may share Your personal information in the following situations:
- With Service Providers: We may share Your personal information with Service Providers to monitor and analyse the use of our Application to contact You.
- For Organisation transfers: We may share or transfer Your personal information in connection with, or during negotiations of, any merger, sale of Organisation assets, financing, or acquisition of all or a portion of Our Organisation to another company.
- With Organisation partners: We may share Your information with Our Organisation partners to offer You certain products, services or promotions.
- With other users: when You share personal information or otherwise interact in public areas, such information may be viewed by all users and publicly distributed outside.
- With Your consent: We may disclose Your personal information for any other purpose with Your consent.
Use justification: Legitimate interests, Kenya Data Protection Act 2019. Our legitimate interest is based on the data collection purposes listed above. We do not use the data collected for the purpose of identifying you. You are not obliged to provide the above Personal Data. However, you will not be able to access the Application if such Personal Data are not provided.
The Organisation will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or improve the functionality of Our Application. We are legally obligated to retain this data for more extended periods.
When You Register or Enroll to Receive our Services, Training, and Products on the Platforms that We Manage
Types of data include name, gender, date of birth, email, mobile number, GPS location, profession, and place of practice/ facility.
Uses of that data: We use the above data to provide you with a user account and access to services, products, and information through our platforms. It is not possible to access our services if the (non-optional) data is not provided.
Use justification: Contract performance, Data Protection Act, 2019 for the performance of a contract to which the data subject is a party or to take steps at the data subject’s request before entering into a contract.
Storage duration: Your data is deleted or anonymised (and cannot be associated with a specific natural person) when you request deletion of your account/subscription. If your account has been inactive for more than 12 months, we will contact you to check whether you wish to continue using our services. If you leave your user account unused for a subsequent 12 months, we will delete your account and anonymise your data (such that it cannot be associated with a specific natural person).
When You Receive Services, or Information on the Platforms that We Manage
Types of data include name, gender, date of birth, contact information, location, type of Service, product or information that you received, the date you received the Service, product or information, and your assessment of the quality of the services (talks, webinars, training, quizzes), products and information that you received,
Uses of that data: We use the above data to provide you with access to services, shops, training, quizzes and webinars, and information that we provide through our platforms. We also use the data to improve the quantity and quality of Service, products, and information you receive, verify and validate the services, products, and information you received, and verify your eligibility to access and utilise services, products, and information from our platforms. It is not possible to access our services, product or information (non-optional) if data is not provided.
Use justification: Kenya Data Protection Act, 2019 and Data Protection regulation 2021
Storage duration: Your data is deleted or anonymised (and cannot be associated with a specific natural person) when you request deletion of your account.
Direct Marketing to You of Services, Products, or Information Available on the Platform, Email, and Website that We Manage
Types of data include name, gender, date of birth, mobile phone, email address, type of Service, product or information that you received, the date you received the Service, product or information, and your assessment of the quality of the services.
Uses of that data: We use the above data to promote services (training, webinars, talks) and products or provide you with information that we believe will interest you through email and digital channels. You can unsubscribe to our services anytime by emailing us at
Use justification: Kenya Data Protection Act, 2019 and Data Protection regulation 2021
Storage duration: Your data is deleted or anonymised (and cannot be associated with a specific natural person) when you request deletion of your account.
Use of Data Related to Research, Statistical and Health Purposes
Types of data include records of products or services that you have received from us and other data that you have provided to us directly or indirectly during your usage of our products or services (training, attendance details, gender disaggregation, autofill details, registration details, user profiles). The Application profile section allows you to input blood group, but this data is optional.
Uses of that data: We process this data to research the use of EMKF Services and products and prepare statistics for future improvement of our Services.
The processing is necessary for research or statistical purposes, and we publish anonymised and summarised statistics. Our legitimate interest is in processing data for these purposes for EMKF’s reporting/ analysis purposes. You may, for reasons arising from your particular situation, object to such processing at any time by sending an email to firstname.lastname@example.org
Storage duration: The storage duration of your data based on which we create the statistics corresponds to the period of processing according to the Kenya Data Protection Act, 2019. If you object to your data processing, your data will no longer be used for this purpose. The statistics are anonymous.
Cookies and Tracking on Our Services
Our Services use so-called “cookies”. Cookies are files with a small amount of data commonly used as unique anonymous identifiers. We use the term “cookies” to refer to all tools that collect data on our Services (e.g. IP addresses, place and time of the visit of the users, the user’s name and password, the user’s location, the user’s preferences such as likes, preferred language, font size and more). These are stored on your device’s internal memory. The user’s data collected in this way is pseudonymised. The data is not stored together with the user’s other Personal Data. Our Services do not use these “cookies” explicitly. However, the Services may use third-party code and libraries that use “cookies” to collect information and improve their services. This processing is carried out legally or, where the law requires, based on your consent. You can either accept or refuse these cookies and know when a cookie is being sent to your device. If you refuse our cookies, you may not be able to use some portions of the Service.
We may employ third-party companies and individuals due to the following reasons:
- To facilitate the Services;
- To provide the Services on our behalf;
- To perform Service-related services; or
- To assist us in analysing how our Services are used.
We want to inform users of Our Services that these third parties may have access to your Personal Data. The reason is to perform the tasks assigned to them on our behalf. However, they are obligated not to disclose or use the information for any other purpose.
Where Do We Store Your Personal Data
The Personal Data we collect from you is stored in the Google workspace primarily, Website servers, and MailChimp. Sensitive information between your device and Our Application and Websites is transferred in encrypted form. When transmitting sensitive information, you should always ensure that your browser can validate our certificate.
Disclosure of Your Personal Data
Use justification: The legal basis for the transfer of Personal Data to the processor and the processing by the processor depends on the legal basis on which we, as data controllers, rely Kenya Data Protection Act, 2019
Law enforcement: Under certain circumstances, the Organisation may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
Other legal requirements: The Organisation may disclose Your Personal Data in the good faith belief that such action is necessary to:
- Comply with a legal obligation
- Protect and defend the rights or property of the Organisation
- Prevent or investigate possible wrongdoing in connection with the Service
- Protect the personal safety of Users of the Service or the public
- Protect against legal liability
Transfer of Your Personal Data
Your information, including Personal Data, is processed at the Organisation’s operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers outside your state, province, country or other governmental jurisdiction where the data protection laws may differ from yours.
How Long Do We Retain Your Personal Data
We will hold the above data for as long as necessary to provide you with the Services, deal with any specific issues that may arise, or, otherwise, as required by Kenyan law or by any relevant regulatory body. Specific storage periods for the respective processing activities are detailed above.
If your Personal Data is used for two different purposes, we will retain it until the purpose with the longest period expires, but we will stop using it for the purpose with the shorter period as soon as, the shorter period expires.
We restrict access to your Personal Data to the persons who need to use it for the relevant purpose(s). Our retention periods are based on reasonable business needs, and your Personal Data that is no longer needed is either anonymised (and the anonymised data may be retained) or securely destroyed.
We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data, and whether we can achieve those purposes through other means, and the applicable legal requirements.
Under the Kenya Data Protection Act 2019, section 26, you have various rights in relation to your Personal Data (as listed below). All of these rights can be exercised by contacting us at email@example.com
A data subject has;
- Right to be informed of the use to which their Personal Data is to be put: You have a right under the Kenya Data Protection Act 2019 to be informed of the nature of the processing in simple and clear language that is understandable;
- Right to access their Personal Data in the custody of the Organisation: You have a right to obtain access and information under the conditions provided in Kenya Data Protection Act. This means that you have the right to obtain confirmation from us as to whether we are processing your Personal Data. If so, you also have the right to obtain access to Personal Data and information. This includes information regarding the purposes of the processing, the categories of Personal Data that are being processed, and the recipients or categories of recipients to whom the Personal Data have been or will be disclosed.
- Right to object to processing all or part of their Personal Data: You have a right to object under the Kenya Data Protection Act, 2019. You have a right to object to processing your Personal Data unless EMKF demonstrates compelling legitimate interest for the processing which overrides your interests or for the establishment, exercise, or defence of a legal claim. To exercise your rights of objection, you may contact us at any time by sending an email to firstname.lastname@example.org.
- Right to correct false or misleading data: You have the right to rectification under the conditions provided in the Kenya Data Protection Act, 2019. This means that you have the right to receive from us without undue delay the rectification of inaccuracies in your Personal Data and completion of incomplete Personal Data.
- Right to deletion of false or misleading data about them: You have a right to erasure (“right to be forgotten”) under the conditions provided Kenya Data Protection Act, 2019. This means that you generally have the right to obtain from us the erasure of your Personal Data, and we are obliged to erase your Personal Data without undue delay. You can do this by deleting your account at any time. If we have made the Personal Data public and are obliged to erase it, we are also obliged, taking account of available technology and the cost of implementation, to take reasonable steps, including technical measures, to inform controllers who are processing the Personal Data that you have requested the erasure by such controllers of any links to, or copy or replication of those Personal Data.
- Right to withdraw consent: You have the right to withdraw your consent at any time by notifying us by email to the following address: email@example.com. By withdrawing your consent, the lawfulness of the processing based on consent will not be affected until the point of withdrawal.
- Right to restriction of processing: You have a right to restriction of processing under the conditions provided in the Kenya Data Protection Act, 2019. This means that you have the right to obtain from us the restriction of the processing. In such a case, the restriction of processing lasts for a period that enables us to verify the accuracy of the Personal Data. Restriction means that stored Personal Data are marked with the goal of restricting their future processing.
- Right to data portability: You have a right to data portability under the conditions provided in Kenya Data Protection Act, 2019. This means that you generally have the right to receive your Personal Data with which you have provided us in a structured, commonly used, and machine-readable format and to transmit those data to another controller without hindrance from us.
- Right to complain: As a data subject, you have a right to lodge a complaint with the Office of the Data Protection Officer or at the EMKF office, firstname.lastname@example.org.
- Right to withhold consent: You have the right to withdraw your consent to processing your Personal Data at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Time Limit to Respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. Asking us to stop processing your Personal Data or deleting your Personal Data will likely mean that you are no longer able to use the Services; or at least those aspects of the Services which require the processing of the types of Personal Data you have asked us to delete, which may result in you no longer being able to use the Services.
The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet or method of electronic storage is 100% secure.
We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used, or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees and other third parties who are determined. They will only process your Personal Data on our instructions, and they are subject to a duty of confidentiality.
While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security. We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Changes to this Policy