We respect your privacy, and we want you to know why we need certain information from you, what we are doing with it, and how we are keeping it secure.
- 1.0 What this policy covers
- 2.0 What data do we hold and how do we get it
- 3.0 What do we use your data for
- 4.0 How we store and move your data
- 5.0 How and why, we share your data
- 6.0 How long do we keep your data
- 7.0 Your rights
- 8.0 Changes to this policy
1.0 What this policy covers
This policy explains how we use your data to deliver our healthcare service through
Afya Pap mobile app
Afya Pap USSD service
Call a doctor service
Ask a doctor service
Afya Pap Medic service
Any beta versions of our apps
Our websites www.baobabcircle.com and www.afyapap.com
Our portals www.caregiver.afyapap.com/dashboard
Some of our services we offer with our partners, or on behalf of them
The technology we use to support our users’ and partners' services
Baobab Circle Ltd is the creator of Afya Pap health app and is also the Data Controller and our partners are the Data Processors. This means that Baobab Circle is responsible for how we handle and use your data.
Afya Pap is a telehealth service for self-monitoring, self-management, remote-monitoring, and teleconsultation. It provides access to quality healthcare and it also helps users to better manage their health.
Afya Pap is officially operational in Kenya, Uganda, and Zimbabwe what we refer to as “Our markets”
2.0 What data do we hold and how do we get it
2.1 Personal details
When you register to Afya Pap, we will ask you for the following information:
Your date of birth
The hospital of institution you are associated with
Pregnancy status for Female users
The information you give us must be accurate. If you give us information about yourself or another person, you're confirming that you're authorized to do so.
2.2 Health, your conditions and therapy.
When you use our services, we may collect information about your health, your conditions and therapy:
When capturing your medical conditions we may also request for the medication you may currently be using as shown below.
Condition: Diabetes Blood sugar information
Type of diabetes
Blood glucose target
Your Hab1C target
Your associated medications.
Condition: Hypertension Blood pressure information
Your associated medication
Condition: High cholesterol
Confirming if you have high cholesterol
Condition: Cardiac history
Confirming if you have cardiac history
How you feel: Your mood
Anytime you input your BS or BP, we will ask you to select your mood
Also you may be able to directly capture your mood through our mood tracker.
Symptoms checker: Coronavirus/Covid-19
Cough and sneezing
Fever (High Body temperature)
Shortness of breath or breathing difficulty
Travel history/ interaction with a person from Covid-19 high-risk areas
Confirmation that your symptoms are similar to Covid-19.
Some of this information will come directly from you, while others may come from our other platforms such as the Afya Pap Medic app from your interaction with our doctors.
If you download Afya Pap and register for the service, then later you change your mobile handset, your account including your personal and health data will be updated from your profile saved in our system on the cloud.
If you also use our Health Data service, your health data will be visible to Afya Pap medical doctors as well as to your personal doctors through the Afya Pap caregiver portal.
Details of your interactions with us
We also store copies of your consultations with our medical doctors for purposes of quality control and service improvement of our services. This is to give us an easy way to perform quality checks of consultations in order to ensure both our service level agreements and quality standards are met.
And, if you have consented for us to collect we may use your data to improve our services. This includes
Your personal health data you record on Health Data section.
Your mood capture.
Your calls with the doctors on Afya Pap Call A Doctor
Your chats with the doctors Afya Pap Ask A Doctor
Your interactions with our Symptom Checker
Your emails, calls or live chat conversations with our support team
Video and/or audio recordings from consultations
Images and other files shared with our doctors
We keep your health and medical data secure by applying technical and organizational measures to protect it.
2.3 Data from other sources
We might also receive some data about you and your health from other devices and services.
This will only happen if you've agreed to share that data with us. For example, if you decided to share information collected from a smart glucometer, smart pressure meter or smartwatch with our app.
Credit and debit card information
If you make a payment on the app, your credit or debit card or mobile payment details are processed by a third-party payment provider.
We don't store any of your credit card, debit card or mobile payment information and we only keep details of the transactions on our secure servers.
Technical information and analytics
When you use our app, our portals or visit our websites, we may collect the following data, where this is allowed by your device or browser settings:
The make and model of your device
Resettable device identifiers
Time zone, language and location settings
Your mobile network provider and your location (based on your IP address)
The IP address used to connect your mobile phone or other device to the internet
Your browser information, such as Google Chrome, Apple Safari, Firefox etc.
Information about your visit to our website or use of our app, for example when you first visited the site or how many times you've visited
Information about the products or services you viewed or used
App response times and updates
Information about your interactions, like what notifications you opened
Any phone number used to call our customer service number
We may work with other partners that provide us with analytics and advertising services. This is to:
Help us understand how people interact with our services
Provide the adverts for our services on the internet
Measure the performance of our services and our adverts
Your health information is not used for these advertising services.
2.5. Information from third-party servicess
It's possible to connect your social media accounts or your wearable device (like a smartwatch) with our services. For example, you can sign up for Baobab Circle using your Facebook login details. If you choose to do this, we'll receive the following information about you from the third party:
Username or ID
Health and lifestyle habits and information
If you use login details from third parties, they will also process your login data, and they are solely responsible for handling this.
We may also get information from other sources, such as companies that offer information on consumer trends.
We use this information to help us make our services better. We comply with data protection laws when we do this. If this information is used alongside your personal data, we will make sure that our interests never come before your rights.
If you have questions about the way your data has been handled, please contact
3.0 What we use your data for
This is how we use your data and the legal reasons for using it.
3.1 Providing you with a service
We need your personal information to enter into a contract with you and deliver services.
If you are the one paying to use our service, we use your financial details to charge you if you use our paid service or buy our products.
We use your health and medical information to provide you with healthcare service, including when it's in your vital interests. This includes giving you health advice, as well as diagnosis and treatments if you use our clinical services (Call A Doctor service our audio consultation service, where you can talk with one of our medical professionals).
This information is based on:
Providing you or planning for healthcare services in our 'legitimate interest'
Performing tasks in the public's interest
Your consent (for example, when you use our service and agree to share information with your doctor)
The health and medical information we use includes information from your:
Consultations, like notes, recordings, and transcripts
Use of products like Symptom Checker
Your previous teleconsultation with Afya Pap medic
We might share this information with other health services. This is so we can give you the right care, including when it's in your vital interests. These services include:
Your doctor or medic, if you use our private service
Our NHS or clinical service partners
Referral services like therapists, pharmacists and hospitals
We use your location to recommend services near you, like pharmacies and hospitals.
Depending on how you access our services, we get your location from your phone, internet browser, IP address or postal address.
3.2 Improving Baobab Circle's services
If you've given explicit consent, we use your health and medical information to improve our services, including our artificial intelligence systems. This helps us deliver better healthcare to you and other Afya Pap users.
We remove details that could identify you from this information, such as your name, address and contact details. These are called 'personal identifiers.
The health and medical information we collect (with your personal identifiers removed) includes information from your:
Consultations, like notes, recordings and transcripts
Use of products like Symptom Checker and Smart glucometer or Pressure Meter
This doesn't involve making any decisions which would have a big effect on you. We only use this information to deliver a better experience to you and other Afya Pap users. This explicit consent relates to when we use your personal data.
3.3 Helping health research
If you've given explicit consent, we use your data for health research. For example, to better understand health behaviour, disease risk or health outcomes.
We aim to publish our research results in peer-reviewed journals or by working with academics.
We may conduct research with partner organisations such as universities, ministries of health or other academic institutions.
The type of information we collect includes your:
Consultations, like notes, recordings and transcripts
Use of products like Symptom Checker and Smart glucometer or Pressure Meter
We remove any details that could identify you from this information. This includes your name, address and contact information.
Our research follows the Declaration of Helsinki ethical principles, which were developed by the World Medical Association.
As part of our research, we may use your contact details to invite you to take part in clinical trials. These trials might be about things like how frequently we give you medicine reminders or what exercise has the greatest impact on mood.
3.4 Using your data when it's in our 'legitimate interest'
We sometimes analyse your data and how you use our products to help us manage our business better.
This could be things like fixing bugs in our app, understanding current user trends, or working out what users might want in the future.
This doesn't involve making any decisions which would have a big effect on you. If this information is used alongside your personal data, we will make sure that our interests never come before your rights.
3.5 Keeping you up to date
We may contact you when marketing our service. This includes sending you product updates, surveys and marketing information. You can opt-in or out at any time by going to 'Settings' and 'Privacy Controls' in the app. You can also choose if you want to get app notifications in your device settings.
As part of providing you with a healthcare service or public service, we may send you health information by on-app messages, SMS, email or other ways. For example, we may send you public health alert or invite you to book an appointment for free screening programmes.
3.6 Regulating the quality and safety of our service
We use your health and medical information for the personalisation of our services, picking trends, disease surveillance, safety, training, regulatory, and compliance purposes.
This means that:
If we're legally required to, or asked by a regulator, we may need to share your information with regulatory bodies like the Ministries of Health, Medicines and Healthcare Products Regulatory Agencies or others within our countries of operations.
We may audit how you use our services, for example, to review the quality of results provided by our products
To detect and prevent fraud, we may need to share your personal and financial information with banks, financial institutions and fraud prevention services.
4.0 How we store and move your data
4.1 Personal health and medical information
Your personal health and medical information is stored on secure servers. This includes information like
Your health data
Your healthcare information received through consultations
Information about your medications
Any information about a diagnosis of illness or other problems
If you've chosen a password or authentication method to access the app, you're responsible for keeping this password and/or authentication method confidential. Please don't share it with anyone.
We encrypt data transmitted to and from our apps websites and portals. Once we have your information, we use strict procedures and security features to try to prevent unauthorised access. We will take all steps reasonably necessary to make sure that your data is treated securely.
4.2 Credit and debit card information
We don't store any of your credit or debit card information. Payments are processed through a third-party payment provider that follows strict industry data security standards. These are known as Level 1 Payment Card Industry (PCI) data security standards.
Any payments you make are encrypted using SSL technology (which converts the information into code to stop fraud).
4.3 Where we store and process your data
Your data may be processed or stored on a secure cloud outside of Kenya, Uganda, Zimbabwe (Our markets).
This will always be in line with applicable data protection lawful mechanisms (such as appropriate contractual terms) and subject to strict safeguards.
For further information on how we protect your data if we transfer it outside of the Our markets, contact us by email at: firstname.lastname@example.org
6.0 How long do we keep your data
We follow advice from the departments of health within our markets on how long to keep the information found in your medical records. This is called a 'retention period'.
We might also keep some information that doesn't identify you to help improve our business and our services.
In some circumstances, we might keep data longer if the law says we have to.
|Your information||Retention period|
|Your health records include medical records, consultations with our doctors and symptom checker interactions||
We keep your health records for 10 years after your death or after you've permanently left the service.
Electronic patient records can't be destroyed or deleted for the foreseeable future.
|Voice (or audio) consultations||We keep your voice consultations in the same way as your health records (although that period of time could change if our product changes).|
We keep your interactions with our Symptom Checker in the same way as your health records.
They are also available in the app for 1 month (although that period of time could change if our product changes). After 1 month we can provide them if you ask us for them.
|Communications with support teams, including phone calls, emails and live chats||1 year after you leave Afya Pap service.|
|Maternity records||We keep your records for 25 years after the birth of your last child.|
|Records on any treatment for a mental disorder (as described in mental health legislation)||We keep your records for twenty years after the date of your last consultation. Or ten years after your death, if that is sooner.|
If you want to see any of this information while we have it (in its 'retention period'), you can ask for it by emailing us at: email@example.com
7.0 Your rights
You're in control of your personal information. Under data protection law, you have the right to:
Remove or change your consent at any time, if we are using your data in a certain way based on it. You can do this by:
Going to the app, selecting 'Settings' and then 'Privacy controls'
Going to the Baobab Circle Health website, selecting 'Your account' and then 'Privacy'
Ask for a copy of the personal data we hold about you. Your data is stored in line with our legal and medical obligations. See: how long we keep your data).
Ask us to correct information that's wrong, delete it, or ask that we only use it for certain purposes. There might be times when we're not able to help, like if the law or our medical obligations say we can't.
Ask us to restrict any automated (computer-made) decisions made with your data
Ask for your data to be provided in a portable format that allows you to move, copy or transfer it. Or ask us to send it in this format to someone else.
To do these things, please contact us at Regulatory & Public Sector Baobab Circle Limited P.O. Box 19751-00100 Nairobi, Kenya Or by email at: firstname.lastname@example.org
We'll ask you for proof of identity. Data protection laws give us one month to get back to you.
We're regulated by the various Office of Data Protection Commissioner within our markets,
In Kenya. If you're not happy with any aspect of our data handling, you can complain to the ICO directly. You can contact them at: Office of Data Protection Commissioner email@example.com P.O Box 30920-00100 G.P.O Nairobi, Kenya +254796954269 / +254778048164
8.0 Changes to this policy
We might update this policy from time to time. If we make any important changes, we'll let you know, and give you the chance to review them.
If you agree to the changes, you don't need to do anything. Just keep using our services with the updated policy and we'll assume you are happy with the way we use your data.
If you don't agree to the changes, then you can stop using our services at any time.