At Babyl our mission is to put an accessible and affordable health service in the hands of every person on earth. We are passionate about high-quality and convenient healthcare. We are also passionate about privacy.
This policy explains how we use your personal data. We want to help you understand how we work with your data, so that you can make informed choices and be in control of your information. We invite you to spend a few moments understanding this policy. We may update this policy from time to time and, if we make any material changes, we will notify you when we do so. We will provide you with the opportunity to review such changes. By continuing to use our products and services after the changes have been made and we have notified you of them, the way we use your personal data will be subject to the terms of the updated policy.
This policy explains how we use your personal data for our healthcare services and products. It also governs the use of your data through our USSD App, or any of our websites, including the Babyl website.
This policy covers:
- Who we are;
- What personal data we hold and how we get it;
- What we use your personal data for;
- Sharing your personal data;
- Data security and transfers; and
- Your rights.
If you have any further questions about how we process your information, please don’t hesitate to get in touch with our customer support team:
What personal data we hold and how we get it
We use the following categories of personal data:
When you register with us, you answer question and provide us with basic information about yourself, such as your name, date of birth, physical address and email address. You will also provide us with your national identification number.
Health and medical information
The main type of information we hold about you is health and medical information: information about your health, symptoms, treatments, consultations and sessions, medications and procedures. This includes details of your consultations with our doctors, and interactions with our digital services.
We get some of this information directly from you, when you register with us and when you use our healthcare services.
We retain recordings of our consultations with you, in order to ensure high medical quality assurance, and to allow us to learn from them to improve our services. These recordings are held securely in accordance with our retention policy.
If you make any payments through our platform using mobile money, your mobile money provider will store all payment information and transaction details. We will only retain details of transactions on secure servers and we will not retain your mobile money account information.
What we use your personal data for
The purposes for which we use your personal data and the legal grounds on which we do so are as follows:
- We obtain and use your personal details and financial details in order to establish and deliver our contract with you.
- We obtain and use your medical information because this is necessary for medical purposes, including medical diagnosis and the provision of healthcare or treatment. This includes the information collected through our consultations with you (such as notes and recordings). It may also include sharing information with other healthcare professionals as necessary for the provision of care to you, such as your local healthcare professionals, specialist referral services, therapists, pharmacists, hospitals, accident and emergency services, pathology service providers.
- Where you have provided your explicit consent, we will use your medical information (always having removed personal identifiers, such as your name, address and contact details) to improve our healthcare products and services, and our artificial intelligence system, so that we can deliver better healthcare to you and other Babyl users. This medical information (de-identified in the way described above) may include your medical record (both records received and created by us), transcripts and recordings of your consultations, and your interactions with our artificial intelligence services, such as our symptom checker. This does not involve making any decisions about you – it is only about improving our products, services and software so that we can deliver a better experience to you and other Babyl users, and help achieve our aim of making healthcare affordable and accessible to everyone. Strict confidentiality and data security provisions apply at all times.
- We may use strictly anonymised information (including medical information) to improve our healthcare products and services.
- We may obtain and use data about your precise location where you give your consent (through providing us access to your location), for example, to help direct you to the nearest pharmacy.
- We use your email address and/or phone number to contact you with occasional updates and marketing messages, based on our legitimate interest in marketing our services to you.
- Based on our legitimate interest in managing and planning our business, we may analyse data about your use of our products and services to, for example, troubleshoot bugs within our software, forecast demand of service and to understand other trends in use, including which features users use the most and find most helpful, and what features users require from us. This does not involve making any decisions about you – it is only about improving our service so that we can deliver better services to you. Strict confidentiality and data security provisions will apply at all times.
- Where necessary, we may need to share personal and financial details for the purposes of fraud prevention and detection.
- We also store your medical information, such as notes from consultations, recordings of our consultations with you and your interactions with our digital services, for safety, regulatory, and compliance purposes. For example, we may need to review your information and, where necessary, make disclosures in compliance with reasonable requests by regulatory bodies including the Ministry of Health, or as otherwise required by law or regulation.
- Where necessary for safety, regulatory and/or compliance purposes, we may audit consultations and your other interactions with our services. Strict confidentiality and data security provisions will apply at all times to any such audit and access.
We may use non-personal data (data from which an individual cannot be identified) to improve our products and services.
Sharing your personal data with others
- We may share your personal data with companies we have hired to provide services on our behalf, including those who act as data processors on our behalf. Those data processors are bound by strict confidentiality and data security provisions, and they can only use your data in the ways specified by us.
- We may share with our commercial partners aggregated data that does not personally identify you, but which shows general trends, for example, the number of users of our service.
- Where you access our services through your health insurance provider or any of our commercial partners(including your employer) we may share with such partner your name, date of birth, email address, policy number, location, and the fact you have registered/used the service (and any other similar information). With your consent, we may share the date of the appointment, details of your diagnosis, prescription, pharmacy location, whether or not you had a referral made and other similar information about your appointment with us.
- We will, where necessary for your treatment or care, share your information with your other health and social care providers. For example, your local healthcare professional, specialist referral services, therapists, pharmacists, hospitals, accident and emergency services, pathology service providers, and other health and care bodies. This may include sharing information with such services for safeguarding purposes in accordance with our legal obligations.
- We may preserve or disclose information about you to comply with a law, regulation, legal process, or governmental request; to assert legal rights or defend against legal claims; or to prevent, detect, or investigate illegal activity, fraud, abuse, violations of our terms, or threats to the security of our services or the physical safety of any person.
Except as described above, we will never share your personal information with any other party without your consent.
Data storage, security and transfers
We do not store your personal health data on your mobile device. We store all your personal health data – including your primary care information, medication information and diagnostic information – on secure servers.
We do not store any mobile money account information. Payments are processed via a third party payment provider that is fully compliant with all security standards.