Skip to Content

PRIVACY POLICY

Please read in detail our Privacy. This policy complies with the Laws of the Republic of Kenya, including the Kenyan Data Protection Act, 2019, and governs our collection, processing, and protection of personal data in connection with the services we provide.





Privacy Policy for Imaging Reports Ltd.

Effective Date: [4/13/2025]

Imaging Reports Ltd. (“we,” “us,” or “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains in detail how we collect, use, store, disclose, and secure your personal data when you access and use our services, which include:

  • Medical Image Reports (Teleradiology), provided in partnership with RADSpa Teleradtech and  IMAGEbytes Private Limited
  • Picture Archiving and Communication Systems (PACS)
  • INSTA HMS, provided in partnership with PRACTO
  • Consultancy and Training on Hospital Technology Solutions
  • Human Resources and Payroll Services
  • Financial Management Services using Microsoft Dynamics NAV 365

This document applies to all personal data processed by Imaging Reports Ltd. in the course of providing our services. By engaging with our services, you acknowledge that you have read and understood this Privacy Policy.

1. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Processing: Any operation or set of operations performed on personal data, whether or not by automated means.
  • Data Subject: An individual whose personal data is processed.
  • Data Controller: The entity that determines the purposes and means of processing personal data.
  • Data Processor: An entity that processes personal data on behalf of a data controller.

2. Scope and Applicability

This Privacy Policy governs all information collected or processed by Imaging Reports Ltd. in relation to the services rendered. It applies to all clients, patients, employees, partners, and any other individuals whose personal data we process.

3. Personal Data We Collect

We collect personal data only to the extent necessary to provide our services and for legitimate business purposes. The personal data we collect includes, but is not limited to:

  • Identification Data: Name, date of birth, gender, and identification numbers.
  • Contact Information: Postal addresses, telephone numbers, email addresses, and other contact details.
  • Health and Medical Data: Medical images, diagnostic reports, radiology information, and other healthcare-related information necessary for the provision of medical image reports.
  • Employment Data: Information related to human resources and payroll services including job titles, employment records, and remuneration details.
  • Financial Data: Information required for financial management including account details, payment records, and billing information.
  • Training and Consultancy Data: Data provided by organizations or individuals participating in consultancy, training sessions, or technology solution implementations.
  • Usage Data: Information collected through our website and digital platforms, including browsing data and interaction logs, if applicable.

4. Purposes of Data Processing and Legal Basis

We process your personal data only for the following specific and legitimate purposes:

  • Provision of Services: To deliver the services you request, including Medical Image Reports, PACS, INSTA HMS, Consultancy and Training, HR and Payroll, and Financial Management.
  • Compliance with Legal Obligations: To adhere to applicable laws and regulatory requirements, including obligations under the Kenyan Data Protection Act, 2019.
  • Legitimate Business Interests: To maintain and improve service quality, enhance system security, and conduct internal audits.
  • Consent: Where required, we process personal data on the basis of your explicit consent, which you may withdraw at any time, subject to legal or contractual restrictions.

Each processing activity is conducted in accordance with the legal principles of transparency, fairness, and accountability as required by law.

5. Sharing and Disclosure of Personal Data

We disclose personal data to trusted third parties only when necessary for providing our services or when required by law. Such disclosures include:

  • Service Delivery Partners: Information may be shared with our partners, including Telerad Radspa, Imagebytes, and PRACTO, solely to enable the effective delivery of medical reporting, hospital management, and other related services.
  • Professional Advisors: Data may be disclosed to professional advisors such as legal, accounting, and IT security professionals, who are bound by confidentiality obligations.
  • Regulatory Authorities: In compliance with legal obligations, personal data may be disclosed to competent regulatory or government authorities.

All third-party disclosures are governed by stringent confidentiality agreements and contractual obligations that ensure the protection of your personal data.

6. Data Retention

We retain personal data only for as long as it is necessary to achieve the purposes for which it was collected, fulfill our legal and contractual obligations, and comply with applicable legal requirements. The retention period for each category of personal data is determined by the nature of the data and the relevant legal or business considerations. Once data is no longer required, we will securely dispose of or anonymize the information.

7. Data Security

We have implemented comprehensive technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption: Data in transit and data at rest are encrypted using industry-standard encryption protocols.
  • Access Controls: Strict access controls are in place to ensure that only authorized personnel have access to personal data.
  • Security Audits: Regular audits and assessments of our systems and processes are conducted to ensure ongoing data security.
  • Data Backup and Recovery: Robust backup procedures are implemented to safeguard against data loss and ensure continuity of service.

Despite these measures, no security system is entirely impenetrable. Should you suspect any unauthorized access or breach, please notify us immediately.

8. International Data Transfers

Where personal data is transferred outside the Republic of Kenya for processing by our partners or service providers, we ensure that adequate safeguards are in place. These safeguards include binding corporate rules, standard contractual clauses, or other legally recognized mechanisms to ensure a level of protection equivalent to that provided under Kenyan law.

9. Your Rights Under Kenyan Law

Under the Kenyan Data Protection Act, 2019, you have certain rights regarding your personal data. These rights include:

  • Access: The right to request confirmation as to whether your personal data is being processed, and if so, to access that data.
  • Rectification: The right to request the correction of inaccurate personal data or the completion of incomplete information.
  • Erasure: The right to request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected or when you withdraw consent.
  • Restriction of Processing: The right to request the limitation of processing under certain circumstances.
  • Objection: The right to object to the processing of your personal data based on your particular situation or legitimate interests.
  • Data Portability: The right to receive your personal data in a structured, commonly used, and machine-readable format, and to have that data transmitted to another controller where technically feasible.

To exercise any of these rights or to obtain further information about how your personal data is managed, please contact us using the details provided below.

10. Use of Cookies and Tracking Technologies

Our website and digital platforms may use cookies and similar tracking technologies to enhance user experience, analyze web traffic, and improve our service offerings. Detailed information regarding the use of these technologies is available in our Cookie Policy. By continuing to use our website, you consent to our use of cookies in accordance with this policy.

11. Changes to This Privacy Policy

This Privacy Policy may be reviewed and updated periodically to reflect changes in our data processing practices or regulatory requirements. Any material changes will be communicated through our website and, where appropriate, by other means. Your continued use of our services following the publication of changes constitutes your acceptance of those changes.

12. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Imaging Reports Limited
P.O. Box 26949 – 00100
Nairobi, KE

Africa HQ: All Africa Conference of Churches (AACC) Building
Sir Francis Ibiam House,3rd Floor
Westlands, Off Waiyaki Way
Nairobi, Kenya.

Kericho County Office
Patnas Plaza, 3rd Floor
Litein- Kericho Road.

Uganda Office address
C/O Diasurge HealthCare Ltd
Block 196 Plot 1678 next to Baraka Complex
Kisasi-Kyanja Road

+254 111-024-900  
care@imagingreports.com
rahab@diasurgehealthcare.com


For any requests related to accessing, rectifying, or deleting your personal data, please provide adequate information to assist us in verifying your identity and processing your request.

This Privacy Policy is intended to be a comprehensive guide to our data protection practices and represents our commitment to maintaining the confidentiality, integrity, and security of your personal data in accordance with the Laws of the Republic of Kenya. We appreciate your trust in Imaging Reports Ltd. and are dedicated to continuously improving our practices to protect your privacy.

If you need further clarification on any aspect of this policy, we are available to provide additional information and guidance to ensure your concerns are fully addressed.