Gathimaini Pharmacy Limited (“GPL”, “we”, “us”, or “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, store, and safeguard your personal information when you access or use our e-commerce platform, website, mobile application, and any related services (collectively, the “Services”).
By accessing or using our Services, you acknowledge that you have read, understood, and agreed to this Privacy Policy.
- Compliance With the Kenya Data Protection Act, 2019
GPL is a Data Controller under the Kenya Data Protection Act, 2019.
We collect and process your personal information only where:
- It is necessary to perform a contract with you;
- You have given consent;
- It is required to comply with the law; or
- It is in our legitimate business interests and does not override your rights.
- Information We Collect
2.1 Information You Provide to Us
When you use our Services, register an account, or make a purchase, we may collect:
- Full name
- Contact details (phone number, email address, physical address)
- Account login details (username, password)
- Payment information (mobile money details, bank details, card details)
- Prescription details
- Delivery details
- Communication history
- Any information provided through forms, support requests, or feedback
2.2 Health & Pharmaceutical Information
As part of fulfilling your medical and pharmaceutical needs, GPL may collect:
- Prescription data
- Purchase history
- Medication schedules
- Consultation details
- Insurance details (if applicable)
This information is treated as sensitive personal data and handled with enhanced safeguards.
2.3 Information Collected Automatically
When you visit our website or app, our servers automatically collect:
- IP address
- Device information
- Browser type and version
- Operating system
- Referring pages
- Pages visited, links clicked, and time spent
- Cookies and similar tracking identifiers
2.4 Information From Third Parties
We may receive personal data from:
- Healthcare providers (e.g., when filling prescriptions)
- Delivery partners
- Payment processors
- Social media platforms (if you link your account)
- Public databases
- How We Use Your Information
GPL may process your information for the following purposes:
- Creating and managing user accounts
- Processing and fulfilling orders
- Delivering medicines and other products
- Verifying prescriptions
- Delivering pharmaceutical or wellness services
- Processing payments and refunds
- Customer support and communication
- Offering promotions, discounts, and marketing updates
- Personalizing your online experience
- Improving our Services
- Analytics and performance monitoring
- Preventing fraud and ensuring platform security
- Compliance with regulatory and legal obligations
- Insurance claim processing (if applicable)
No personal information is used for purposes not listed above without your consent.
- Payment Information
GPL uses trusted third-party payment processors to securely process:
- M-PESA
- Card payments
- Bank transfers
Your payment information is encrypted and processed under PCI-DSS standards. GPL does not store your full card or M-PESA PIN details.
- Cookies and Tracking Technologies
We use cookies to:
- Improve website functionality
- Remember your preferences
- Personalize your shopping experience
- Track usage for analytics
- Enhance security
You may disable cookies through your browser settings, but some features may not function properly.
- Sharing and Disclosure of Information
We do not sell your personal data.
We only share information with:
- Delivery and logistics partners
- Healthcare professionals (for prescription verification)
- Payment processors
- Technical and hosting service providers
- Customer support partners
- Analytics or marketing service providers (limited, non-identifiable data)
We may also disclose information:
- To comply with Kenyan law or court orders
- To prevent fraud or harm
- In case of business transfer, merger, or acquisition
All third-party partners are required to comply with strict confidentiality and data protection obligations.
- International Data Transfers
Some of our service providers may store or process data outside Kenya (e.g., EU or USA). GPL ensures that such transfers comply with:
- The Kenya Data Protection Act
- Appropriate safeguards such as contracts and encryption
- Data Retention
We retain your information only as long as necessary for:
- Legal compliance
- Fulfilling our contract with you
- Record-keeping required for pharmaceutical services
- Resolving disputes
- Security, fraud prevention, and audit purposes
When data is no longer needed, it is securely deleted or anonymized.
- Your Data Protection Rights
Under the Kenya Data Protection Act, you have the right to:
- Access your personal information
- Correct inaccurate data
- Delete your data (where applicable)
- Withdraw consent
- Object to certain processing
- Restrict processing
- Data portability
- File a complaint with the Data Commissioner
Requests can be made via the contact information below.
- Data Security
GPL uses administrative, technical, and physical safeguards to protect your data, including:
- Encryption
- Secure servers and firewalls
- Access control and authentication
- Staff confidentiality agreements
- Regular audits and security assessments
No method of online transmission is 100% secure, but we take all reasonable measures to safeguard your data.
- Children’s Privacy
GPL does not knowingly collect data from children under 18 without parent or guardian consent. If you believe a minor has provided us with data, contact us immediately for removal.
- Links to Third-Party Websites
Our platform may contain links to external websites. We are not responsible for their privacy practices. We encourage you to review their policies.
- Changes to This Privacy Policy
GPL may update this Privacy Policy from time to time. We will:
- Post the updated version on our website
- Update the “Last Updated” date
Continued use of the Services means you accept the updated policy.
- Contact Information
For questions, concerns, or data protection requests, contact the GPL Data Protection Officer:
Gathimaini Pharmacy Limited (GPL)
Email: support@gathimainipharmacy.co.ke
Phone: 0707 666 126, 0707 666 855
Address: Twin Oak Plaza at the junction of Commercial Street and Kwame Nkurumah Street
Attention: Data Protection Officer – Michael Ochieng Okoth