Privacy Policy
Effective from the date listed in the page footer.
AURAMED CHEMIST ("we", "us") respects your privacy and complies with the Data Protection Act, 2019 of Kenya and the Personal Data Protection (General) Regulations, 2021 issued by the Office of the Data Protection Commissioner.
This policy explains what personal data we collect, why we collect it, who we share it with, how long we keep it, and the rights you have as a data subject.
What we collect
- Account information: name, phone number, email address, delivery addresses, account password (hashed).
- Order information: the products you order, prescriptions you upload, the patient the prescription is for (which may be you or someone you are buying for), payment method and transaction reference.
- Browsing information: pages visited, products viewed, cart contents, items added to wishlist, reviews and questions you post.
- Communications: messages you send to us, support tickets, newsletter subscriptions.
- Technical data: IP address, browser type, device information, log data needed to operate and secure the service.
We do not knowingly collect data from children under 18 without parental or guardian involvement.
Why we collect it
- To fulfil your orders (legal basis: contract).
- To verify prescriptions and dispense medicines safely (legal basis: legal obligation and contract).
- To process M-Pesa and other payments (legal basis: contract).
- To communicate about your order (legal basis: contract).
- To send marketing communications, only with your explicit opt-in (legal basis: consent).
- To comply with Pharmacy and Poisons Board record-keeping requirements (legal basis: legal obligation).
- To detect and prevent fraud or abuse of the service (legal basis: legitimate interest).
Who we share it with
- Safaricom (M-Pesa Daraja) — for processing M-Pesa payments.
- Delivery partners — name, delivery address and phone number, only for active deliveries.
- Regulators (PPB, ODPC, KRA, courts) — when required by law.
- Service providers — hosting (Hetzner), backups (Backblaze B2), email delivery (Resend), under written data-processing agreements.
We do not sell your personal data. We do not share it for third-party advertising.
Cross-border transfers
Some of our service providers process data outside Kenya. Where they do, we rely on the safeguards permitted by the Data Protection Act, including standard contractual clauses and provider commitments to equivalent protections.
How long we keep it
- Account and order data: for as long as you have an account, plus six years after closure (in line with Kenya Revenue Authority and PPB record-keeping requirements).
- Prescription images and dispensing records: five years from dispensing (PPB requirement).
- Marketing data: until you unsubscribe.
- Browsing and log data: typically 12 months.
When the retention period ends, we delete or anonymise the data.
Your rights
Under the Data Protection Act, 2019, you have the right to:
- be informed about how your data is used (this policy);
- access the personal data we hold about you;
- rectify inaccurate or incomplete data;
- request erasure (subject to legal record-keeping obligations);
- restrict or object to processing;
- request data portability (a machine-readable copy of data you provided);
- withdraw consent to marketing at any time;
- lodge a complaint with the Office of the Data Protection Commissioner (https://odpc.go.ke).
To exercise any of these rights, contact us at job.nyakondo@yahoo.com.
Automated decision-making
We do not use automated decision-making or profiling that produces legal effects on you. Prescription verification is performed by a registered pharmacist.
Security
We protect personal data with industry-standard measures including encryption in transit (TLS), encryption at rest for backups, tenant isolation via row-level security in our database, audit logs of access to sensitive records, and role-based access for staff.
Changes to this policy
We may update this policy from time to time. Material changes will be notified to account holders by email at least 14 days before they take effect.
Contact
For privacy questions or to exercise your rights: job.nyakondo@yahoo.com.