The Emergency Medicine Kenya Foundation (EMKF) is an NGO supporting emergency healthcare providers across Kenya to save lives by strengthening the emergency healthcare system through capacity building, knowledge development, advocacy and research.
Protecting your data, privacy and personal data is very important to EMKF. It is vitally important to us that our users feel secure when using our services, platforms, applications, and sites (the “Services”) and the information that we provide.
The words of which the initial letter is capitalised have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.
The information you will be asked to provide us for these purposes may include your name, gender, date of birth, phone number, services you received, locations, or further information required to verify your identity, such as an image of your face.
Types of data: include name, gender, date of birth, email, mobile number, GPS location, profession, and place of practice/ facility.
Types of data: include name, gender, date of birth, contact information, location, type of Service, product or information that you received, the date you received the Service, product or information, and your assessment of the quality of the services (talks, webinars, training, quizzes), products and information that you received,
Types of data: include name, gender, date of birth, mobile phone, email address, type of Service, product or information that you received, the date you received the Service, product or information, and your assessment of the quality of the services.
Uses of that data: We use the above data to promote services (training, webinars, talks) and products or provide you with information that we believe will interest you through email and digital channels. You can unsubscribe to our services anytime by emailing us at firstname.lastname@example.org asking to be unsubscribed from the specific Service.
Use justification: Kenya Data Protection Act, 2019 and Data Protection regulation 2021
Storage duration: Your data is deleted or anonymised (and cannot be associated with a specific natural person) when you request deletion of your account.
We may employ third-party companies and individuals due to the following reasons:
The Personal Data we collect from you is stored in the Google workspace primarily, Website servers, and Zoho. Sensitive information between your device and Our Application and Websites is transferred in encrypted form. When transmitting sensitive information, you should always ensure that your browser can validate our certificate.
Use justification: The legal basis for the transfer of Personal Data to the processor and the processing by the processor depends on the legal basis on which we, as data controllers, rely Kenya Data Protection Act, 2019
Law enforcement: Under certain circumstances, the Organisation may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
Other legal requirements: The Organisation may disclose Your Personal Data in the good faith belief that such action is necessary to:
Your information, including Personal Data, is processed at the Organisation’s operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers outside your state, province, country or other governmental jurisdiction where the data protection laws may differ from yours.
We will hold the above data for as long as necessary to provide you with the Services, deal with any specific issues that may arise, or, otherwise, as required by Kenyan law or by any relevant regulatory body. Specific storage periods for the respective processing activities are detailed above.
If your Personal Data is used for two different purposes, we will retain it until the purpose with the longest period expires, but we will stop using it for the purpose with the shorter period as soon as, the shorter period expires.
We restrict access to your Personal Data to the persons who need to use it for the relevant purpose(s). Our retention periods are based on reasonable business needs, and your Personal Data that is no longer needed is either anonymised (and the anonymised data may be retained) or securely destroyed.
We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data, and whether we can achieve those purposes through other means, and the applicable legal requirements.
Under the Kenya Data Protection Act 2019, section 26, you have various rights in relation to your Personal Data (as listed below). All of these rights can be exercised by contacting us at email@example.com.
A data subject has;
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. Asking us to stop processing your Personal Data or deleting your Personal Data will likely mean that you are no longer able to use the Services; or at least those aspects of the Services which require the processing of the types of Personal Data you have asked us to delete, which may result in you no longer being able to use the Services.
The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used, or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees and other third parties who are determined. They will only process your Personal Data on our instructions, and they are subject to a duty of confidentiality. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security. We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.