Privacy Policy

Home / Privacy Policy

Effective Date: July 2025

At BSR Hospital, we value your trust. Protecting your personal data and safeguarding your privacy is central to how we deliver healthcare. This Privacy Policy explains how we collect, use, disclose, and protect your information in line with the Kenya Data Protection Act, 2019.

1. Information We Collect

We collect personal information directly from you when you:

  • Register as a patient or book appointments.
  • Seek medical consultation or treatment.
  • Make payments or submit insurance details.
  • Apply for jobs, internships, or training with us.
  • Interact with our website, call center, or other communication platforms.

The information may include:

  • Identification data: Name, date of birth, gender, ID/passport number, contact details.
  • Medical data: Health history, diagnoses, treatment records, prescriptions, lab results.
  • Financial data: Billing details, payment methods, insurance information.
  • Digital data: IP address, device/browser type, cookies when using our website.

2. Lawful Basis for Processing

We process your personal data only when:

  • You have given consent.
  • It is necessary for medical care and treatment.
  • It is required for compliance with legal or regulatory obligations.
  • It is necessary to protect your vital interests or those of another person.
  • It is required for legitimate hospital operations, provided it does not override your rights.

3. How We Use Your Information

We use your personal data to:

  • Provide safe and effective healthcare services.
  • Maintain accurate and up-to-date medical records.
  • Process payments and insurance claims.
  • Conduct hospital operations and improve patient experience.
  • Meet public health obligations (e.g., disease reporting).
  • Communicate with you regarding appointments, treatment, and services (with your consent for marketing/updates).

4. Sharing of Information

We may share personal data only when necessary and lawful:

  • With healthcare professionals directly involved in your treatment.
  • With insurance providers to process claims.
  • With government agencies or regulators when legally required.
  • With third-party service providers (bound by strict confidentiality agreements).

We will never sell, rent, or trade your personal data.

5. Data Security

We implement appropriate technical, organizational, and physical safeguards to protect your data against unauthorized access, disclosure, alteration, or destruction.

6. Data Retention

We retain personal data only as long as necessary for medical, legal, and operational purposes, and in compliance with applicable laws and medical record-keeping obligations.

7. Your Rights Under the Data Protection Act

As a data subject, you have the right to:

  • Access your personal data.
  • Correct or update inaccurate information.
  • Withdraw consent at any time (where processing is based on consent).
  • Object to processing in certain circumstances.
  • Request deletion of your data, subject to legal/medical requirements.
  • Lodge a complaint with the Office of the Data Protection Commissioner (ODPC) if you believe your rights have been violated.

8. Cookies & Website Use

Our website may use cookies to enhance user experience, analyze traffic, and improve services. You may adjust your browser settings to refuse cookies; however, some features may not function properly.

9. Children’s Privacy

We only collect and process personal data of minors (below 18 years) with the consent of a parent or legal guardian, except where required for emergency medical care.

10. Updates to This Policy

We may update this Privacy Policy to reflect changes in law, technology, or hospital practices. Any updates will be posted on our website with a revised effective date.

11. Contact Us

For questions, requests, or concerns about how your personal data is handled, please contact us:

BSR Hospital:
Address: Eastern Bypass, Kamakis, Ruiru
Email: info@bsr.co.ke
Phone: +254 710 277 277