Privacy Policy
Introduction and Definitions
This Privacy Policy governs the collection, use, processing, and protection of your personal and health information by Stuhler Orthodontics (“the Practice,” “we,” “us”), operating in Kenya and handling data in compliance with the Kenya Data Protection Act 2019 (“DPA”), the Kenyan Healthcare Act, and the European Union’s General Data Protection Regulation (“GDPR”) for European patients.
For the purposes of this policy, the following terms are defined as follows:
Personal Identifiable Information (PII) refers to any information relating to an identified or identifiable individual, including but not limited to name, contact details, date of birth, identification numbers, and other identifying data.
Special Category Data means sensitive information related to your health, genetic or biometric data, medical history, and health status.
Processing involves collection, recording, storage, alteration, use, disclosure, or erasure of your personal data.
Data Collection and Use
We collect your information directly through various channels such as telephone conversations, emails, website forms, chatbots, in-person consultations, and electronic health records. This data includes your PII and special category data necessary for providing orthodontic treatment, managing appointments, billing, and communications. We also collect data related to your usage of digital tools and consent forms.
Your data will be used exclusively for healthcare provision, appointment management, billing, sending reminders and treatment updates, improving our services, and lawful marketing communications where consent has been given. Marketing communications can be opted out of anytime by unsubscribing, emailing, or calling our Practice.
Consent
By using our services, you consent to the collection and processing of your PII and health data as described herein. In cases involving minors, we rely on the consent of a parent or legal guardian, which is deemed enforceable as if provided by the patient.
Patient Rights
You have the right to:
Access your personal data and receive copies of it.
Correct or update inaccurate or incomplete data.
Withdraw consent for data processing at any time, subject to legal or contractual restrictions, without affecting the lawfulness of prior processing.
Object to or restrict certain processing activities, such as marketing or profiling.
Data portability, allowing you to obtain and reuse data across different services.
Request erasure of your data where no overriding legitimate interests or obligations require retention.
We will respond promptly to all such requests in line with applicable laws.
Data Security and Retention
We implement rigorous technical and organizational measures to safeguard your data against unauthorized access, loss, or disclosure in accordance with the DPA and GDPR. Your data is retained only for as long as necessary to fulfill the purpose of collection or to comply with legal obligations. Anonymized data may be used internally for research, auditing, or service improvement purposes without identifying you.
Data Sharing and Transfers
Your data may be shared with authorized healthcare professionals, third-party service providers such as payment processors, or government regulators strictly as required and under confidentiality agreements. Cross-border data transfers will comply with Kenyan law and international standards under GDPR, ensuring adequate data protection measures are in place.
Communication and Marketing
You agree that we may use your contact details, including email and phone number, to communicate about your treatment and to send informational or promotional material. You have an absolute right to opt out of such communications at any time.
Automated Decision-Making
We do not engage in any fully automated decision-making processes that have a significant legal or similar effect on you.
Amendments
We reserve the right to update this policy to reflect regulatory changes or operational improvements. We will notify you of significant changes through our website or direct communications.
Complaints and Contact
For any questions or concerns regarding your privacy or data rights, you may contact our Data Protection Officer at [email/phone]. You also have the right to lodge a complaint with the Office of the Data Protection Commissioner in Kenya or the relevant European supervisory authority.
This comprehensive policy ensures your personal and health information is handled with utmost care, transparency, and in full compliance with Kenyan and European privacy laws, reflecting your rights and our obligations as a healthcare provider.