Equity Afia Limited (Equity Afia) and its Affiliated Clinics in Kenya are committed to keeping your personal data private. We shall process any personal data we collect from you in accordance with Data Protection Legislation and the provisions of this Privacy Notice. Please read the following carefully to understand our practices regarding your personal data and how we will treat it.


Equity Afia Limited and its Affiliated Clinics in Kenya will collect and process your personal data that you provide us through application forms, our website, face-to-face and electronic communication (including and not limited to telephone conversations) in order to provide our services to you.


1. We may collect, store, and use the following and not limited to the below categories of personal data about you:
2. Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses;
3. Personal information such as passport photos, Date of birth, Gender, Marital status, employment status, and Next of Kin;
4. Financial information;
5. Health information;
6. Medical information;
7. Insurance information;
8. Copies of your identity documents such as IDs or passports;
9. Information we obtain from third parties, such as information that we obtain when verifying details supplied by you and information collected from publicly available sources such as Companies Registry. Such third parties may include fraud prevention agencies, banks, merchants and credit reference agencies;
10. Other information about an individual that you or they disclose to us when communicating with us;
11. CCTV footage and other information obtained through electronic means in our premises;
12. IP addresses;
13. Cookies (please see our privacy policy); or
14. Share information with third parties which includes our partners which is not limited to Equity Group

In addition we may collect, store and use information about you while you access any of Equity Afia’s clinics through the mobile app or over the counter or any electronic device such as: Your name, MPIN – Storing in base64 encoded format, passwords, log in information, device model, devise OS version and type, WL Device ID

Please note, however, that in certain circumstances it may be still lawful for us to continue processing this information even where consent has been withdrawn, if one of the other legal bases described below is applicable.


We’ll only use your information where we have your consent or where we have another lawful reason including:
1. To carry out our obligations from any contracts entered into between you and us or to take steps to enter into an agreement with
2. To meet our regulatory compliance and reporting obligations
3. To provide our services to you, manage your accounts and our relationship with you
4. To respond to your queries and complaints to us and any other requests that you may have made to us
5. To keep you informed about products and services you hold with us and to send you information about products or services (including those of other companies) which may be of interest to you unless you have indicated at any time that you do not wish us to do
6. To prevent, detect, and investigate fraud and alleged fraud practices and other crimes
7. To verify your identity in order to protect you and your assets
8. For assessment, testing (including systems tests) and analysis (including credit and/ or behaviour scoring), statistical, market and product analysis and market research. [We may use this information to prepare statistical reports to be shared internally or with our group companies. We compile these reports from information about you and our other customers. The information in these reports is never personal and you will never be identifiable from them]
9. To evaluate, develop and improve our services to you and other customers
10. To protect our business interests and to develop our business strategies
11. To contact you, by post, phone, text, email and other digital methods. This may be for reasons such as to collect any debts owing to us.


1.  If you apply to us for a product, your application may be processed by an automated decision-making process such as and not limited to:
2. Credit and affordability assessment checks to determine whether your application will be accepted as well as decide credit limits for the health provision under insurance or
3. Anti-money laundering and sanctions
4. Medical needs and health information based on the information held by Equity


We keep all your personal data confidential. However, in order to be able to service your needs to the best of our ability, we may share any information you provide to us with our group companies, our partners and their agents, counterparties and support service or data providers, wherever located. If you have provided information to other members of our group, those entities may also share that information with us. We will ensure that if we share such information with third parties, any such disclosure is at all times in compliance with Data Protection Legislation.
To help us provide services, your data will be processed internally and externally by other third parties. We use third parties for [administrative, servicing, monitoring and storage of your data]. We will outsource some services to third parties whom we consider capable of performing the required processing activities so that there is no reduction in the service standard provided to you by us.
The recipients or categories of recipients, of your information may be:
Regulatory authorities in connection with their duties such as revenue Authorities and Investigative agencies;
1. Anyone to whom we may transfer our rights and/or obligations;
2. Any other person or organisation after a restructure, sale or acquisition, as long as that person uses your information for the same purposes as it was originally given to us or used by us (or both).
3. Credit reference Bureau, identity and address verification organisations who may record and use your information and disclose it to other lenders, financial services organizations and
4. Our service
5. Any other Third party that wishes to collect your data


Information about you in our possession may be transferred or stored in other countries outside Kenya for any of the purposes described in this Privacy Notice including countries that may have differing (and potentially less stringent) laws relating to the degree of protection of personal information. It holds that such information can become subject to the laws and disclosure requirements of such countries for any lawful purposes.
When we, or our permitted third parties, transfer information outside Kenya, we or they will impose contractual obligations on the recipients of that data to protect such information to the standard required in the Kenya.
We may also transfer your information where the transfer is to a country deemed to provide adequate protection of your information by the Data Commissioner or you have consented to the transfer.
If we transfer your information outside Kenya in other circumstances (for example because we have to provide such information by law), we will use best endeavours to put in place appropriate safeguards to ensure that your information remains adequately protected.


We will only keep the information we collect about you on our systems or with third parties for as long as required for the purposes set out above or as required to comply with any legal obligations to which we are subject.
We will normally destroy or erase data after statutory timelines lapse. However, we may retain your information, or information relating to your account after you cease to be a customer for longer than this, provided it is necessary for a legal, regulatory, fraud prevention or other legitimate business purpose.


All information you provide to us is stored in our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Please read the section on our website relating to online security which can be accessed here visiting


We may communicate with you via electronic mail (e-mail), post, phone, text, and other digital methods. We will never ask you for your password or account number.
When you contact us through any of our communication channels including visiting our branch of Clinics or calling our receptionist, we will verify your identity by asking you a number of questions based on information known to us about you and the transactions on your account. We may record your calls for training, quality and security purposes.


We and other members of our group may use your information from time to time to inform you by letter, telephone, text (or similar) messages, email or other electronic means, about similar services which may be of interest to you or them.
You may, at any time, request that we cease or do not send such information by one, some or all channels, by contacting us using the contact details set out below.
If you would like to contact us in relation to any of the rights set out above, please contact us using the following contact details. To protect your privacy and security, we may take reasonable steps to verify your identity before providing you with the details.
You have the right to lodge a complaint with Equity Afia.
If you are in Kenya region;
If you have questions about our Privacy Policy, please contact us on or write us here:
Equity Afia Limited
8th Floor, Equity Centre Hospital Road, Upper Hill P.O. Box 75104-00200
Nairobi, Kenya


You can contact the Data Commissioner if you have any concerns about how Equity Afia Limited and its Affiliated Clinics in Kenya has handled your personal data and you also have the right to make a complaint at any time to the Data Commissioner (DC), the Kenya supervisory authority for data protection issues. You can find out more information about your rights as a data subjects, their regulatory powers and actions they can take on their website.


The content or services mentioned on our website may be changed in future and consequently this Privacy Notice may also change. Any changes we may make to this Privacy Notice in the future will be posted on this page and where appropriate, notified to you by email.


I/We the undersigned confirm I/we have read and understood the terms of the this Privacy Policy and hereby give express, unequivocal, free, specific and informed authority to Equity Afia Limited and its Affiliated Clinics in Kenya to use and process My/ Our data pursuant to the terms of the privacy policy hereinabove written.