Privacy Policy

Effective Date: January 2026 | Compliant with Kenya Data Protection Act 2019

Last updated: January 2026

1. Introduction

Vitala Intelligence ("we," "our," or "us") is committed to protecting your privacy and personal data in accordance with the Data Protection Act, 2019 of Kenya. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website and services.

We are registered as a Data Controller and Data Processor with the Office of the Data Protection Commissioner (ODPC) in Kenya.

2. Definitions

  • "Personal Data" means any information relating to an identified or identifiable natural person.
  • "Data Subject" means the individual to whom personal data relates.
  • "Processing" means any operation performed on personal data, including collection, storage, use, disclosure, or deletion.
  • "Data Controller" means Vitala Intelligence, which determines the purposes and means of processing personal data.

3. Information We Collect

3.1 Personal Information

We may collect the following personal data:

  • Name and contact details (email address, phone number)
  • Organisation name and job title
  • Professional credentials and qualifications
  • Healthcare facility information
  • IP addresses and browser information
  • Usage data and analytics

3.2 Sensitive Personal Data

As a healthcare analytics provider, we may process limited health-related metadata (not patient records) and professional certifications. We do not process patient health records unless explicitly engaged under a separate data processing agreement.

4. Legal Basis for Processing

Under the Data Protection Act 2019, we process personal data based on the following lawful grounds:

  • Consent: Where you have given clear consent for us to process your data for specific purposes.
  • Contract: Processing necessary for the performance of a contract with you.
  • Legal Obligation: Processing necessary for compliance with Kenyan law.
  • Legitimate Interests: Processing necessary for our legitimate business interests, provided your rights do not override these interests.

5. How We Use Your Information

We use your personal data for the following purposes:

  • Providing healthcare analytics consultancy services
  • Communicating with you regarding our services
  • Processing consultation requests and enquiries
  • Improving our website and services
  • Complying with legal and regulatory requirements
  • Sending marketing communications (with your consent)
  • Preventing fraud and ensuring security

6. Data Protection Principles

In accordance with Section 25 of the Data Protection Act 2019, we adhere to the following principles:

  • Lawfulness, Fairness, and Transparency: Processing is conducted lawfully, fairly, and in a transparent manner.
  • Purpose Limitation: Data is collected for specified, explicit, and legitimate purposes.
  • Data Minimisation: We collect only data that is adequate and relevant for the intended purpose.
  • Accuracy: We ensure personal data is accurate and kept up to date.
  • Storage Limitation: Data is retained only for as long as necessary.
  • Integrity and Confidentiality: We maintain appropriate security measures.
  • Accountability: We are responsible for and can demonstrate compliance.

7. Data Subject Rights

Under the Data Protection Act 2019, you have the following rights:

  • Right to Access: Request copies of your personal data.
  • Right to Rectification: Request correction of inaccurate data.
  • Right to Erasure: Request deletion of your data (right to be forgotten).
  • Right to Restriction: Request limitation of processing.
  • Right to Data Portability: Receive your data in a structured format.
  • Right to Object: Object to processing based on legitimate interests or direct marketing.
  • Right to Withdraw Consent: Withdraw consent at any time.
  • Right to Complain: Lodge a complaint with the Office of the Data Protection Commissioner.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication mechanisms
  • Regular security assessments and audits
  • Staff training on data protection
  • Incident response procedures

9. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. Typically:

  • Consultation enquiries: 2 years
  • Client data: Duration of contract plus 7 years (for legal/compliance purposes)
  • Website analytics: 26 months

10. Third-Party Sharing

We do not sell your personal data. We may share data with:

  • Service providers (hosting, email, analytics) under data processing agreements
  • Professional advisers (lawyers, auditors) under confidentiality agreements
  • Regulatory authorities when required by law

11. International Data Transfers

Where we transfer personal data outside Kenya, we ensure appropriate safeguards are in place as required by Section 58 of the Data Protection Act 2019, including:

  • Adequacy decisions by the ODPC
  • Standard contractual clauses
  • Certification mechanisms

12. Cookies and Tracking

Our website uses cookies and similar technologies to enhance user experience and analyse website traffic. You can manage cookie preferences through your browser settings.

13. Data Protection Officer

We have appointed a Data Protection Officer (DPO) responsible for overseeing data protection strategy and compliance.

Contact:
Data Protection Officer
Vitala Intelligence
Email: dpo@vitalaintelligence.com
Phone: +254 700 000 000

14. Breach Notification

In the event of a personal data breach, we will notify the Office of the Data Protection Commissioner within 72 hours of becoming aware of the breach, where feasible, and notify affected data subjects where the breach is likely to result in high risk to their rights and freedoms.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or website notification. The effective date at the top indicates when this policy was last revised.

16. Contact Information

For questions about this Privacy Policy or to exercise your data subject rights, please contact:

Vitala Intelligence
Email: info@vitalaintelligence.com
Address: Nairobi, Kenya
Office of the Data Protection Commissioner: www.odpc.go.ke

17. Governing Law

This Privacy Policy is governed by the laws of Kenya, specifically the Data Protection Act, 2019, and the Constitution of Kenya, 2010.