Last Updated and Effective Date: June 20th 2022

1. Introduction and scope

We understand that you are aware of and care about your own personal privacy interests, and we take that seriously. This Privacy notice describes how Neotech limited, doing business as LIVIA Health (“LIVIA”) uses and shares personal data collected through the LIVIA Pharmacy, LIVIA MD and LIVIA Hospital, LIVIA Health App, LIVIA Lab and LIVIA Imaging. We recognize that privacy is an ongoing responsibility, and so we will from time to time update this Privacy Notice as we undertake new personal data practices or adopt new privacy policies.
We do not knowingly attempt to solicit or receive information from children.
In this notice, the term “personal data” refers to information relating to an identified or identifiable individual. The term “you” refers to consumers who uses our Services.

2. Personal Data We Collect

Our goal is to limit the information we collect to the information needed to support our business. The personal information that we collect depends on the context of your interactions with us and the Services or Apps, the choices you make and the products and features you use.
We do not sell personal information to anyone and only share it with third parties who are facilitating the delivery of Livia Health services.
This is the personal information we collect.
Information You Submit: The personal information we collect can include the following.
The personal information we collect can include the following.
a) Personal identifiers, such as name, title, address (private, work) telephone number (private, work)
b) Device and online identifiers and related information, such as telephone number and email address, email addresses; business email; business phone number
c) Internet, application, and network activity, such as cookie IDs and browser visits.
d) Government identifiers, such as national identification numbers.
e) Demographic information, such as age and date of birth.
f) Financial information, such as credit and debit card numbers and claims information.
g) Health and health insurance information, such as prescription numbers and health insurance identification numbers.
h) Purchase history information, such as products you have bought
i) Biometric information, such as facial recognition
j) Location information, such as geo-location information.
k) Sensory information, such as digital photos
l) Employment information, such as occupation, title, and professional memberships.
m) Job application data such as background checks, work performance, previous work relations and employers and referees
Sensitive data: In some cases, we may handle so-called special categories of personal data about you, which may be considered sensitive .We collect data about health, medical records, medical diagnosis, prescriptions, treatment information and facial recognition. Before we handle sensitive personal data about you, we require your consent to do so. We will not handle any sensitive personal data that we are not permitted by you to handle, or that you have not provided us with. A limited amount of our personnel will have access to your sensitive personal data.
Information We Collect Indirectly.

Public sources -Personal data may be obtained from public registers (such as internet searches)

Social and professional networking sites -If you register or login to our websites using social media (i.e Google) to authenticate your identity and connect your social media login information with us, we will collect information or content needed for the registration or login that you permitted your social media provider to share with us. That information may include your name and email address and depending on your privacy settings, additional details about you, so please review the privacy controls on the applicable service to set how much information you want shared with us.
Business clients -Our business clients may engage us to perform professional services which involves sharing personal data they control as part of that engagement.
Recruitment services –We may obtain personal data about candidates from an employment agency, and other parties including former employers.
The data we collect is transferred to servers located in the UK of our cloud computing provider, Amazon Web Services (AWS); some personal data may be transferred to other vendors who provide services to Neotech, including the principal vendors listed here below;

NAME OF PROCESSOR

FUNCTION

LOCATION

Amazon Web Services (AWS):

Hosting, Database, VPN, Gateway, DNS, Chime

      United Kingdom

Mandrill

SMTP for Transactional emails

      United States

Africas Talking

Sending promotional and Transactional SMS

      Kenya

Twilio

Sending promotional and Transactional SMS

      United Kingdom

Google analytics and Firebase

Tracking and Activity Monitoring, Push notifications, Face recognition.

      United States

 Google Cloud APIs

Identifying location coordinates, Google Map, Places search

      United States

MPESA

Payment transaction.

      Kenya

Flutterwave

Credit/Debit card Payment transaction

      Kenya

By accepting the terms in this Privacy notice, using the Services or providing us with your personal data you acknowledge and consent to your personal data being transferred and/or processed as described in this Policy.
Information We Collect Automatically: 
LIVIA’s website collects certain information automatically and stores it in log files. The information may include internet protocol (IP) addresses, the region or general location where your computer or device is accessing the internet, browser type, operating system and other usage information about the use of the LIVIA’s website. We use this information to help us design our site to better suit our users’needs.

3. Cookies and Tracking Technologies.

Our Website and Services use “cookies” to help personalize your online experience. Cookiesare small data files that we transfer to your device to collect information about your use of the Our Websites. Cookies can be recognized by the website that downloaded them or other websites that use the same cookies. This helps websites know if your browsing device has visited them before. The length of time a cookie will stay on your browsing device depends on whether the cookie is a “persistent” or “session” cookie. Session cookies will only stay on your device until you stop browsing. Persistent cookies stay on your browsing device until they expire or are deleted.
For further information on the cookies we collect and their purpose, see our cookie policy. Please note that you have the ability to accept or decline cookies. Most web browsers automatically accept cookies by default, but you can modify your browser settings to decline cookies if you prefer.

4. How and Why Do We Use Personal Data?

We use your personal data to:
(a)Provide our Services to you such as

  • Validating ,processing, verification & submission of claims to insurance companies
  • Management of prescription, lab and imaging requests
  • Management of drug deliveries
  • Create preauthorization of valid policies including benefits & exclusions
  • For consultations with the doctors
  • Provide security for the Services and obtain analytics about app and ad performance
  • Marketing, develop and improve our products and services
  • To provide you with customized services and support, including to monitor, investigate, and respond to your inquiries and concerns.
  • For testing, research, analysis, and product development, including to develop and improve our Websites

b) Google Cloud platform. Livia’s use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
c) Customer Support. If you contact us with a question, our support team may view your data to solve your problem. We may also ask you follow-up questions requiring additional information.
d) Product development. To improve and develop our products and services, we need to understand how our Services are used and analyze personal data. We may use personal data to provide different app experiences to different users in order to improve our Services. We integrate privacy by design into these processes.

5. What lawful reasons do we have for processing personal data?

We may rely on the following lawful reasons when we collect and use personal data to operate our business and provide our products and services:
Contract – We may process personal data in order to perform our contractual obligations owed to (or to enter into a contract with) the relevant individuals.
Consent – We may rely on your freely given consent at the time you provided your personal data to us.
Legitimate interests – We may rely on legitimate interests based on our evaluation that the processing is fair, reasonable and balanced. These may include:

  • Delivering services to our clients – To deliver services to our clients who have engaged us.
  • Monitor our IT systems – Prevent fraud or criminal activity and protect our IT systems.
  • Corporate responsibility – Comply with our corporate and corporate social responsibility commitments.

 Legal obligations – We may process personal data in order to meet our legal and regulatory obligations or mandates.
Public Interest – We may process personal data in order to perform a specific task in the public interest or in the exercise of official authority vested in us.
Vital Interests – We may process personal data to protect the vital interests of the individual or another natural person.  

6. When Do We Share Personal Data?

We may share your Personal Information to the following categories of third parties
For the following purposes:

Service Providers: We may share your Personal Information to service providers, such as contractors, data processors and other third parties such as insurance companies that we use to support our organization and provide us with services. It is out policy to require that these service providers keep your Personal Information confidential, that they comply with all applicable laws, and that they only use your Personal Information for the purpose of providing support and services to us.
Corporate Affiliates: We may share your Personal Information to our partners, affiliates and associated organizations.

Other Third Parties: We may be required to provide Personal Informationto a third party in order to comply with a court order,government investigation, or other similar legal process.
We may share your Personal Information to third parties such as law enforcement agencies, when we, in good faith, believe that disclose is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

We may share your Personal Information to other third parties at your direction and with your permission.

Corporate Transaction: If we are involved in a bankruptcy, merger, acquisition, reorganization, or sale of all or a portion of our assets, we may share or transfer your Personal Information as part of any such corporate transaction.
We use Google technology and services to obtain analytics and as a result of this, Google obtains and uses some of your personal data as described here.

7. Data subject rights

The Data Protection Act, 2019 provides certain rights for data subjects.
Subject to legal and contractual exceptions, you have rights under the Data protection Act in relation to your personal data. These are listed below: –

a) Right to be informed that we are collecting personal data about you.

b) Right to access personal data that we hold about you and request for information about how we process it.

c) Right to request that we correct your personal data where it is inaccurate or incomplete.

d) Right to request that we erase your personal data noting that we may continue to retain your information if obligated by the law or entitled to do so.

e) Right to object and withdraw your consent to processing of your personal data. We may continue to process if we have a legitimate or legal reason to do so.

f) Right to request restricted processing of your personal data noting that we may be entitled or legally obligated to continue processing your data and refuse your request.

g) Right to request transfer of your personal data in [an electronic format].

 h) You can ask us to review any decisions made about you which we made solely based on automated processing, including profiling, that produced legal effects concerning you or similarly significantly affected you.
i) You can object to our use of your personal data for direct marketing purposes, including profiling.

If you wish to exercise any of the rights set out above, please contact us on
dpo@liviaapp.com
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within reasonable time. Occasionally it could take us longer if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. You have a right to lodge a complaint with the office of the data protection commissioner if you have concerns about how Livia processes your personal data. When technically feasible, we will—at your request—provide your personal data to you or transmit it directly to another controller.
Reasonable access to your personal data will be provided. If access cannot be provided within a reasonable time frame, Neotech will provide you with a date when the information will be provided. If for some reason access is denied, Neotech will provide an explanation as to why access has been denied.

8 .External Websites

Our websites may contain links that are not governed by this Privacy Notice. Please review the destination websites’ privacy notices before submitting personal data on those sites. Whilst we try to link only to sites that share our high standards and respect for privacy, we are not responsible for the content, security, or privacy practices employed by other sites.

9. Data Breach

In the event that Neotech becomes aware of a security breach which has resulted or may result in unauthorized access, use or disclosure of personal information of Livia Health’s users, Neotech will promptly investigate the matter and notify the ODPC not later than 72 hours after having become aware of it, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.

10. Data Security

Livia protects personal data with security measures that are consistent with industry standards, including background checks on all employees and data encryption in transit and at rest. Our data is hosted by Amazon Web Services, which maintains multiple security certifications. We will notify you of security incidents as required by law. We have put appropriate technical and organizational security policies and procedures in place to protect personal data (including sensitive personal data) from loss, misuse, alteration or destruction. We aim to ensure that access to your personal data is limited only to those who need to access it. Those individuals who have access to the data are required to maintain the confidentiality of such information. We may apply pseudonymisation, de-identification and anonymisation techniques in efforts to further protect personal data. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information.

11. Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, the need to comply with our internal policy and the applicable legal, regulatory, tax, accounting or other requirements.

12. Changes to This Privacy Policy

This Privacy Policy is effective as of the date stated at the top of this Privacy Policy. We may change this Privacy Policy from time to time. Please be aware that, to the extent permitted by applicable law, our use of your information is governed by the Privacy Policy in effect at the time we collect the information. If you visit the Websites after a change to this Privacy Policy is posted on the Websites, you will be bound by such change. Please refer back to this Privacy Policy on a regular basis.

13. Acceptance of this policy

You acknowledge that you have read this notice and agree to all its terms and conditions. By accessing and using the Website and Services and submitting your information you agree to be bound by this Policy. If you do not agree to abide by the terms of this Policy, you are not authorized to access or use the Website and Services.

14. Online Pharmacy and Health Certification

Neotech is registered and certified by the Pharmacy and poisons Board, PPB/N/1624, to provide prescriptions based services through Livia Health App and associated website, https://liviahealth.com/, under the government of Kenya.

15. How to Contact Livia with Comments, questions, concerns or Complaints?

If you have questions, concerns, complaints, or would like to exercise your rights, please contact Livia’s representative at support@liviahealth.com;
You also have the legal right to lodge a complaint about Livia’s data processing with the office of the data protection commissioner.