Privacy Policy

Protecting your personal and health information is our priority

Effective Date 01 December 2025
Last Updated 20 December 2025
Version 1.0

This Privacy Policy complies with the Kenya Data Protection Act 2019, Kenya Data Protection Regulations, Health Act 2017, Pharmacy & Poisons Board guidelines, and international best practices including GDPR principles for cross-border transfers.

Introduction

At First Compounding Pharmacy Limited (FCPL), we are committed to protecting your privacy and ensuring the security of your personal and health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you:

  • Visit our website (www.fcpl.co.ke)
  • Use our services
  • Place orders for our products
  • Interact with us offline (e.g., consultations, prescriptions)

Information We Collect

1. Personal Information

We collect personal information necessary to provide our services:

  • Identification Data: Full name, date of birth, national ID/passport number
  • Contact Details: Email address, phone number, physical address
  • Payment Information: Billing address, payment method details (processed securely via payment gateways)
  • Demographic Data: Age, gender (where relevant for treatment)

2. Health Information (Sensitive Personal Data)

As a healthcare provider, we collect health information necessary for treatment:

  • Medical History: Previous conditions, treatments, allergies
  • Prescriptions: Doctor's prescriptions, medication history
  • Consultation Notes: Records of consultations with our healthcare professionals
  • Health Assessments: Laboratory results, diagnostic information
  • Allergy Information: Known allergies and adverse reactions

3. Technical & Usage Data

  • Device Information: IP address, browser type, operating system
  • Usage Data: Pages visited, time spent, navigation patterns
  • Cookies: Essential cookies for functionality and analytics cookies (with consent)

How We Use Your Information

Service Provision

  • Process orders and dispense medicines
  • Provide medical consultations
  • Manage prescriptions and refills

Communication

  • Update you about your treatment
  • Schedule appointments
  • Send medication recalls if necessary

Quality & Research

  • Internal quality assurance
  • Anonymized research studies
  • Regulatory compliance

Improvement

  • Improve our website and services
  • Develop new products and services
  • Personalize your experience

Marketing Communications: We only send marketing communications (e.g., wellness tips, product updates) with your explicit consent. You can opt-out at any time.

We never sell your personal data to third parties.

Data Sharing & Disclosure

We only share your information in the following circumstances:

Data Security

We implement robust security measures to protect your information:

Encryption

End-to-end encryption for data in transit and at rest

Access Controls

Role-based access with multi-factor authentication

Secure Infrastructure

Hosted on secure, compliant servers with regular backups

Regular Audits

Regular security assessments and penetration testing

Staff Training

Regular training on data protection and privacy

Pseudonymization

Health data stored with pseudonymization where possible

Your Rights

Under the Kenya Data Protection Act 2019, you have the following rights:

Right to Access

Request a copy of your personal data held by us

Right to Rectification

Correct inaccurate or incomplete personal data

Right to Erasure

Request deletion of your personal data (with exceptions)

Right to Restrict Processing

Limit how we use your personal data

Right to Object

Object to processing of your personal data

Right to Data Portability

Receive your data in a structured, machine-readable format

Right to Withdraw Consent

Withdraw consent for processing at any time

Right to Complain

Lodge a complaint with the Office of the Data Protection Commissioner

How to Exercise Your Rights

  1. Submit your request to our Data Protection Officer at dpo@fcpl.co.ke
  2. Include your full name, contact details, and specific request
  3. Provide proof of identity for verification
  4. We will respond within 14 days of receiving your request
  5. No fee for exercising your rights (unless requests are manifestly unfounded or excessive)

Children's Privacy

We do not knowingly collect data from children under 18 without parental consent. If you believe we have collected information from a child without consent, please contact us immediately at dpo@fcpl.co.ke.

International Data Transfers

Data may be transferred to international partners (e.g., USA for technical support) under adequate safeguards including:

  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules (BCRs)
  • Other approved transfer mechanisms under the Data Protection Act

Data Retention

We retain your personal data only for as long as necessary:

  • Health Records: As required by Kenyan health regulations (minimum 7 years)
  • Prescription Records: Minimum 2 years as per PPB requirements
  • Financial Records: 7 years for tax and accounting purposes
  • Website Analytics: 26 months from last interaction

After retention periods expire, data is securely deleted or anonymized.

Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be notified via:

  • Email to registered users
  • Notice on our website
  • In-app notifications (if applicable)

Continued use of our services after changes constitutes acceptance of the updated policy.

Contact Us

Data Protection Officer

Email: dpo@fcpl.co.ke

Phone: +254 719 351 635 (Ext. 2)

Hours: Mon-Fri, 9am-5pm EAT

Registered Office

Makuyu-Murang'a Road

Murang'a Town, Kenya

Registration: PVT-6LULL579

Regulatory Bodies

  • Office of the Data Protection Commissioner: P.O. Box 30920-00100, Nairobi
  • Pharmacy & Poisons Board: Lenana Road, Nairobi
  • Health Professionals Oversight Authority: As per Kenyan regulations

By using FCPL services, you acknowledge that you have read, understood, and agree to this Privacy Policy.