Privacy Policy

Implementation and Operation

At Scanlab Center and as directed by the Act, we directly or indirectly collect information pertaining to natural persons through their own consent or that of their guardians. The purpose of our collection of such data is to ensure we give them the services they require and that we comply with the regulations set by law in case of employees.

However, the rights that govern a data subject include:

• Right to be informed of the use of the data acquired
• Right to access collected data
• Right to object to the processing of all of their personal data
• Right to ask for correction of false or misleading data
• Right have deleted false or misleading data about them require that you frequently update personal data you

On our side as data processors and controllers we will strive to:

• At the point of giving services, inform the data subject why we are collecting and processing their data.
• Request the data subjects to consent willingly to the acquiring of their information.
• Provide a platform which will allow data subjects to access their personal data in our possession at all times, upon request.
• Respond to data subject’s wish to stop processing their personal data, correct incorrect or false personal data in regards to the data subject or delete any false, misleading or incorrect information about the data subject, upon their request.
• Set measures in place to establish the age of a data subject so as to safeguard the rights of any minor that may be accompanied by a guardian.
• Ensure that there is a human component in the processing of any data.
• If we have to share any information outside the country, we will ensure that we get proof of security of the data being shared

Means of Data collection

• Request forms from your clinicians.
• Personally, from you through questions and answers.
• Feedback forms that you fill.
• From phone calls you make to the organization.
• From interaction with our websites.
• Employment agencies you/ we have used.
• Documentation you submit for a job application or possible recruitment.
• During the on-boarding by submitting documents/ information required by the HR department; submitting your financial information (e.g., bank name, branch & account) & statutory information (e.g., KRA PIN, NHIF, NSSF numbers) to facilitate payroll, tax, pension, medical insurance processing.
• When carrying out job-related activities throughout the period of you working for us.
• When the employee contract is severed by either party by completing documentation related to the exit process.
• Capturing your images for marketing purposes or security purposes e.g., via CCTV cameras, official photography or video recording.
• CCTV footage captured via CCTV cameras installed in some of our locations to provide a secure & safe working environment.
• Clinicians or medical establishments e.g., sick leave documentation.
• Directorate of Criminal Investigations or the police.
• By conducting background reference checks e.g., referees, previous healthcare providers, previous employees, credit reference bureaus, professional regulatory & licensing bodies, colleges etc. This may be done by the organization or by a background check provider.
• Social media platforms.
• Registrar of Companies.
• Banks 

Data Collected

• Personal information such as name, title, photos, date of birth, gender, marital status, next of kin, national ID or passport, disability details, nationality, your doctor’s name, facility where you are attended, driver’s license number, name of your employer.
• Personal contact details such as telephone numbers, email addresses, postal address; emergency & next of kin contact details, details of the physical location where you come from.
• Clinical history and names of tests or procedures requested.
• Background checks e.g., previous medical interventions done, employment history verification, qualifications verification, criminal record data and checks.
• Statutory documents e.g., Insurance provider, NHIF, NSSF, and KRA PIN.
• Compensation and bank account details.
• Academic and professional qualifications, skills, experience and employment history, including start and end dates, with previous employers and with GTB Scanlab Nakuru Ltd.
• Periods of leave taken including, sick leave, annual leave, maternity leave, paternity leave and other reasons for leave.
• Details of disciplinary or grievance procedures, any warning issued and related correspondence.
• Performance evaluation – performance reviews, performance improvement plans, disciplinary records etc.
• Health data e.g. via sick leave records, safety incident records etc.
• Data collected in accident reports and risk assessments.
• Biometric information (e.g. fingerprints, sound recordings).
• IP addresses

How do we use your data?

GTB Scanlab Nakuru Ltd. collects and processes data for the following reasons:

• To conform to test requirements
• To provide quality results through the information shared
• To ensure privacy of your test results
• Ensure effective general HR and business administration.
• Maintain accurate and up-to-date employee and client records including contact details.
• Provide references on request for current or former employees and referring doctors.
• Support the achievement of business & department goals through a performance management framework e.g., key performance indicators, performance appraisals etc.
• Disciplinary and grievance records to ensure acceptable conduct within the workplace;
• Facilitate recruitment, transfers and promotion processes.
• Meet obligations under health and safety laws e.g., maintain records of safety incidents.
• Keep records as required by effective workforce management.
• Respond to and defend against legal claims.
• Maintain and promote equality in the workplace.
• To facilitate workforce management and shift planning.
• To provide security, health and safety services in emergencies (e.g., for evacuation of staff in dangerous or life-threatening situations).
• We share relevant data with our partners as follows:
• Government agencies e.g., KRA, NHIF, NSSF for statutory deductions compliance; regulatory bodies to show compliance with requirements for professional registration & licensure where applicable.
• Referring facilities receive test results to facilitate treatment planning
• Patients receive their test results to help them manage their conditions e.g., diabetes patients
• Contracted processors e.g. Enterprise resource planning (ERP) providers who provide us with the human resources information system (HRIS) that we use.
• Back ground check providers who carry out back ground checks on our behalf in the recruitment process.
• Law-enforcement agencies, courts or other public authorities in response to a demand issued with the appropriate lawful mandate and where the form and scope of the demand is compliant with the law.
• Third party security firms in order to provide security to you;
• Publicly available and/ or restricted government databases to verify your identity information in order to comply with regulatory requirements;
• Survey agencies that conduct surveys on behalf of GTB Scanlab Nakuru Ltd;
• Scanlab Center will disclose your data to third parties where this supports the administration of recruitment, your employment or where we are legally obliged to.

How do we store your data?

We securely store your data as follows i.e.

• Enterprise resource planning (ERP) platform with data security precautions that include individual user login credentials, HR module access restriction, audit trails & having a data processing agreement with the supplier/ vendor etc. Data is backed up regularly via:
  • An onsite server under lock & key with restricted
  • Cloud storage through a contracted service Information is backed up regularly.
• Physical data is stored in access restricted locations and
• International data transfer where applicable will done in accordance with data protection laws. We will keep your HR data for as long as required for the purposes set out above or as required by Section 10(6) of the Employment Act 2007 [Rev 2012]. Once retention times have expired, your data will be deleted, destroyed or anonymized. Section 10(6) of the Employment Act 2007 states:” The employer shall keep the written particulars prescribed in subsection (1) for a period of five years after the termination of employment”