PRIVACY POLICY

Effective Date: September 29th 2024

Welcome to MyMedikoz, a personal health records system integrating and aggregating data from various disconnected facilities through a mobile application. This Privacy Policy outlines how MyMedikoz collects, uses, shares, and protects your personal data in compliance with the Uganda Data Protection and Privacy Act of 2019. By using MyMedikoz, you agree to the terms of this Privacy Policy.

1. Information We Collect

We collect the following categories of personal and health-related information to provide our services:

a) Personal Identification Information

• Full name, date of birth, gender, and contact details (phone number, email address)
• National identification or passport number (where required for verification)
• Profile photograph (optional)
• Insurance membership details (insurer name, member ID)

b) Health and Medical Information

• Medical records aggregated from various health facilities you have visited
• Consultation history, prescriptions, diagnoses, and treatment plans
• Laboratory test results and biomarker data
• Vitals such as blood pressure, heart rate, weight, height, and blood glucose levels
• Allergy information and medication records
• Insurance claims and related medical documentation

c) Technical and Usage Information

• Device information (model, operating system, unique device identifiers)
• IP address and approximate location data (used for facility search and service delivery)
• App usage data, including pages visited and features accessed
• Push notification tokens for appointment reminders and health alerts

d) Payment Information

• Mobile money transaction references processed through our payment gateway (ZengaPay)
• We do not store your mobile money PIN or full financial account details

2. How We Use Your Information

We use the information collected for the following purposes:

• Healthcare Service Delivery: To facilitate doctor consultations, appointment booking, lab test ordering, prescription management, and access to your aggregated medical records across facilities.
• Health Tracking and Insights: To help you monitor your vitals, biomarkers, and overall health trends over time, and to power our AI health companion (Meli) with personalised health guidance.
• Dependent Management: To allow you to manage health records and appointments for your dependents (children, elders, or other family members) from a single account.
• Insurance Claims: To enable you to submit, track, and manage insurance claims with participating insurance providers.
• Payment Processing: To process consultation fees, lab test bookings, and subscription payments via mobile money.
• Communication: To send you appointment reminders, health tips, consultation confirmations, and important service notifications via email, SMS, or push notifications.
• Service Improvement: To analyse usage patterns and improve the functionality, performance, and user experience of the MyMedikoz platform.
• Legal Compliance: To comply with applicable laws, regulations, and legal processes under Ugandan law.

3. Sharing Your Information

We respect your privacy and only share your information in the following circumstances:

• With Healthcare Providers: Your medical records and relevant health data may be shared with doctors, health facilities, and laboratories you have chosen to engage with through the platform, solely for the purpose of providing you with medical care.
• With Insurance Companies: If you submit an insurance claim through MyMedikoz, relevant medical and visit information will be shared with your designated insurer for claims processing.
• With Payment Processors: Transaction details necessary to complete mobile money payments are shared with our payment gateway provider (ZengaPay). No sensitive financial credentials are stored by MyMedikoz.
• With NGOs and Donor Programmes: If you are a beneficiary of an NGO health programme operating through MyMedikoz, limited health screening data may be shared with the relevant organisation for programme delivery and reporting.
• Legal Requirements: We may disclose your information if required by law, court order, or government regulation, or to protect the rights, safety, or property of MyMedikoz, our users, or the public.
• With Your Consent: We may share your information with other third parties when you have given explicit consent.

We do not sell your personal data to third parties for marketing or advertising purposes.

4. Data Storage and Security

We take the security of your personal and health data seriously:

• Cloud Infrastructure: Your data is stored securely on Google Firebase (Firestore) and Cloudflare R2, both of which maintain industry-leading security certifications and encryption standards.
• Encryption: All data transmitted between your device and our servers is encrypted using TLS (Transport Layer Security). Data at rest is encrypted using AES-256 encryption.
• Access Controls: Access to personal health data is restricted to authorised personnel and systems on a strict need-to-know basis. Our platform enforces role-based access controls across all connected applications (Patient App, Facility App, Admin App, Insurers Portal, NGO Portal).
• Authentication: User accounts are protected by Firebase Authentication with secure password hashing. We encourage users to use strong, unique passwords.
• Data Retention: We retain your personal data for as long as your account is active or as needed to provide our services. If you request account deletion, we will remove your personal data within 30 days, subject to any legal retention requirements.

While we implement robust security measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security but are committed to continuously improving our safeguards.

5. Your Rights

Under the Uganda Data Protection and Privacy Act of 2019, you have the following rights regarding your personal data:

• Right of Access: You may request a copy of the personal data we hold about you at any time through the app or by contacting us.
• Right to Correction: You may request correction of any inaccurate or incomplete personal data. You can update most information directly within your MyMedikoz profile.
• Right to Deletion: You may request the deletion of your personal data. You can initiate account deletion through the app settings or by contacting us at info@mymedikoz.com. Deletion will be completed within 30 days.
• Right to Restrict Processing: You may request that we limit how we process your personal data in certain circumstances.
• Right to Data Portability: You may request to receive your personal data in a structured, commonly used, and machine-readable format.
• Right to Object: You may object to the processing of your personal data for direct marketing or other purposes not essential to service delivery.
• Right to Withdraw Consent: Where processing is based on your consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us using the details provided in Section 8 below.

6. Children's Privacy

MyMedikoz allows parents and guardians to manage health records for their dependents, including children under the age of 18. We collect children's health data only with the explicit consent of a parent or legal guardian and solely for the purpose of managing their healthcare within the platform.

Children under the age of 18 may not create their own MyMedikoz accounts. If we become aware that we have collected personal data from a child without verified parental consent, we will take prompt steps to delete that information.

Parents and guardians may review, update, or request deletion of their child's data at any time through the dependent management feature in the app or by contacting us directly.

7. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Effective Date" at the top of this page
• Notify you through the app via a push notification or in-app message
• Where required by law, seek your consent before applying significant changes to how we process your data

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

8. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact us:

• Company: GK Medikoz PHR Ltd
• Address: Freedom City, Namasuba, Kampala, Uganda
• Phone: +256-752-229-730
• Email: info@mymedikoz.com

You also have the right to lodge a complaint with the National Information Technology Authority - Uganda (NITA-U) if you believe your data protection rights have been violated.