Data Retention & Deletion Policy

Last Updated: 26th March 2024

1. Purpose and Scope

This Data Retention and Deletion Policy outlines the procedures and guidelines for the retention and deletion of data collected by the company. Remedius Mobile Health Co. Ltd is a digital services company that promotes the delivery of online and digitally enabled health services by making these services more accessible to clients in Uganda. This policy is designed to ensure the protection of user privacy, comply with relevant Data Protection laws, and maintain the integrity of the data collected.

2. Legal Compliance

The company commits to complying with the Data Protection and Privacy Act and Regulations of Uganda and any other applicable data protection laws, as well as company policies. This policy shall periodically be updated as needed to align with changes in legislation.

3. Data Collected

The company collects various types of data to provide accessibility to medical & mental health services through digital means. This includes personal information, health records, and behavioral data, both actively provided by users and passively collected during the use of our platforms, which include our website, telephone, and mobile application use.

4. Data Retention Periods

Data retention periods are established to balance the need for continuity of care and the principle of minimizing unnecessary storage. The following retention periods shall apply for data collected by the company:
a) Personal Information: 5 years after the last interaction of the client.
b) Health Records: 5 years after the termination of services or as shall be required by any law amendments.

5. Data Storage and Security Measures

All data collected by the company is stored securely, utilizing encryption, 2-Factor Authentication, Access Controls, and regular security audits in our systems and database servers. The storage locations shall always comply with the data privacy and protection laws in Uganda.

6. User Consent

Users provide explicit consent for data collection and storage during the onboarding process. They have the right to withdraw consent at any time. Withdrawal requests and data deletion requests can be made through the company's user interface or by contacting the Customer Relations department.

7. Data Deletion Procedures

Users can request the deletion of their data, and the company shall respond within 21 days. Upon receiving a deletion request, data shall be securely and irreversibly deleted. Exceptions to immediate deletion may occur based on legal obligations or other justifiable reasons in the Data Privacy and Protection Laws of Uganda.

8. Data Backup and Recovery

The company implements a robust data backup strategy to prevent data loss. Procedures for data recovery are in place to address accidental deletions or system failures.

9. Employee training and awareness

All employees are trained on this policy and their responsibilities in implementing and enforcing data retention and deletion procedures. Regular awareness programs are conducted to keep employees informed about the importance of data privacy.

10. Periodic Policy Review

This policy will be reviewed annually or as needed to ensure its relevance and compliance with evolving regulations and company practices.

11. Contact Information

For inquiries about data or to request data deletion, users can contact:
Phone Numbers: +256 760 207 718
Email Address: pharmacy@remediushealth.africa

12. Data Breach Response Plan

In the event of a data breach, the company has a response plan in place to promptly notify affected parties and relevant authorities.
This policy is effective as of the last update date and applies to all data collected by the company.

Users are encouraged to review this policy periodically for any updates.