Skip to main content

Privacy Policy

Introduction

Eastern Deanery AIDS Relief Program (EDARP) is committed to protecting your privacy and ensuring the security of your data. This policy explains how we collect, use, store and protect your personal information.

Information We Collect

We collect the following types of information:


Personal Information:


  • Name and contact details
  • Name and contact details
  • Health information when using our healthcare services
  • Donation information and transaction history
  • Communication preferences
  • Website usage data (e.g., cookies, analytics tracking).


Health information when using our healthcare services


  • Medical history and treatment records
  • Test results and prescriptions
  • Insurance information (where applicable)

 

Donation information and transaction history


  • Payment details
  • Donation history
  • Tax receipt information
  • Communication preferences

How We Use Your Information

We use your personal data for the following purposes:


Healthcare Services:


  • Provide medical care and support
  • Manage appointments and follow-ups
  • Process laboratory tests and treatment plans
  • Coordinate community health services

 

Donations & Fundraising:


  • Processing and managing donations
  • Issuing tax receipts and donor acknowledgments
  • Sending updates about impact
  • Manage recurring donations
  • Contacting donors about fundraising campaigns (only with consent).


Website and Communications:


  • Improve our services
  • Send newsletters, updates, and awareness messages (only with explicit opt-in consent).
  • Responding to inquiries or service requests
  • Conducting website analytics to enhance security and performance

Legal Basis For Processing Personal Data

We collect and process personal data based on:


  • Your consent (e.g., subscribing to newsletters, making donations).
  • Legal obligations (e.g., reporting to regulatory bodies).
  • Legitimate interests (e.g., improving our services, securing our systems).

 

Withdrawing Consent: You may withdraw consent at any time by contacting us at dpo@edarp.org

Information Security

We have strict security measures in place to protect your personal data

  • Encryption of sensitive data
  • Secure electronic medical records (EMR)
  • Regular security audits to assess vulnerabilities
  • Staff privacy training
  • Strict access controls to limit who can access personal data

Sharing Your Information

We do not sell or rent your personal data. However, we may share your information with:


  • Healthcare providers involved in your care
  • Payment processors for handling donations securely
  • Government agencies when legally required
  • Partners with signed confidentiality agreements, ensuring they comply with privacy regulations

Data Retention & Deletion

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy, or as required by law.


  • Healthcare records โ€“ Retained as per medical regulations.
  • Donor records โ€“ Retained for accounting and legal compliance.
  • Website and communication data โ€“ Retained until you request deletion.

 

Requesting Data Deletion: You can request that we delete your personal data where legally applicable by contacting dpo@edarp.org

Your Rights Under The Kenya Data Protection Act, 2019

As per the Kenya Data Protection Act, you have the right to:


  • Access your personal data.
  • Request corrections if your information is inaccurate.
  • Object to processing (e.g., for direct marketing).
  • Request deletion of your data (where applicable).
  • Withdraw consent for marketing communications.
  • Request data portability (where applicable).

To exercise these rights, contact us at dpo@edarp.org

Website Analytics & Cookies

To improve user experience, our website uses:


  • Cookies to store preferences and enhance navigation
  • Analytics tools to track website activity
  • Security monitoring to detect suspicious activity
  • Session tracking

Children's Privacy

We take extra care when handling childrenโ€™s data


  • Parental or guardian consent is required before collecting personal data from anyone under 18.
  • Children's data is used only for healthcare, education, and support services.
  • Young donors

Data Breach Notification

In the unlikely event of a data breach:


  • Affected individuals will be notified promptly.
  • The Kenya Data Protection Commissioner will be informed within legal timeframes.

Compliance & Regulations

We comply with:


  • Kenya Data Protection Act, 2019.
  • Healthcare privacy regulations.
  • NGO governance standards.
  • International data protection best practices.

Changes To Privacy

We may update this Privacy Policy periodically. If we make significant changes, we will:


  • Post the updated version on our website.
  • Notify users via email for major updates.

Contact Us

If you have any questions or concerns about this Privacy Policy, contact us at:


๐Ÿ“ EDARP Headquarters: Donholm Business Center - Outering Road; Opposite TotalEnergies Donholm Service Station; Nairobi - Kenya


๐Ÿ“ง dpo@edarp.org


๐Ÿ“ž +254722699211