ApertaCura Data Protection and Privacy Policy

2. Scope

This policy applies to all personal data processed by ApertaCura, including data collected through our digital wellness platform, associated mobile and web applications, and any other services we offer. It applies to all users of our services, including individuals, insurance companies, healthcare providers, and any other partners.

3. Data Collection

3.1 Types of Data Collected

We may collect the following types of personal data:

• Personal Identification Information: Name, email address, phone number, date of birth, gender.
• Health Data: Medical history, fitness activity, dietary habits, chronic conditions, medication adherence.
• Usage Data: Information about how you interact with our platform, including device information, IP addresses, and browsing behavior.
• Communications Data: Any data exchanged through our WhatsApp API or other communication channels.

3.2 Data Collection Methods

We collect data through:

• Direct interactions: Information provided directly by users through forms, surveys, or communications.
• Automated technologies: Data collected through cookies, server logs, and similar tracking technologies.
• Third-party sources: Information obtained from insurance companies, healthcare providers, and other partners.

4. Legal Basis for Data Processing

We process personal data based on the following legal grounds:

• Consent: We obtain explicit consent from users before collecting or processing their personal data.
• Contractual Obligations: Data processing is necessary to fulfill the services we offer, such as providing personalized health recommendations.
• Legal Compliance: We process data to comply with legal obligations under Rwandan law and other applicable regulations.
• Legitimate Interests: We may process data to pursue our legitimate business interests, provided that such interests do not override the rights and freedoms of the data subjects.

5. Use of Personal Data

We use personal data for the following purposes:

• Service Delivery: To provide, personalize, and improve our wellness services, including health tracking, fitness plans, and preventive care strategies.
• Communication: To communicate with users, respond to inquiries, and provide customer support.
• Analytics: To analyze user behavior, improve our platform, and develop new features.
• Compliance: To ensure compliance with legal and regulatory requirements, including reporting obligations.
• Security: To protect the integrity and security of our platform and user data.

6. Data Sharing and Disclosure

We may share personal data with third parties under the following circumstances:

• With User Consent: We will share personal data with third parties when we have the user's explicit consent.
• Service Providers: We may share data with trusted third-party service providers who assist us in operating our platform, provided they adhere to strict data protection standards.
• Legal Obligations: We may disclose personal data to comply with legal obligations, including requests from law enforcement or regulatory authorities.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, personal data may be transferred to the new owner, subject to this policy's terms.

7. Data Security

We implement robust security measures to protect personal data from unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption: We use encryption protocols to secure data in transit and at rest.
• Access Controls: We restrict access to personal data to authorized personnel only.
• Regular Audits: We conduct regular security audits to identify and address potential vulnerabilities.
• Data Minimization: We collect and retain only the minimum amount of data necessary for our purposes.

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy, or as required by law. Once the data is no longer needed, we will securely delete or anonymize it.

9. Data Subject Rights

Users have the following rights regarding their personal data:

• Right to Access:Users can request access to their personal data and obtain a copy.
• Right to Rectification:Users can request corrections to any inaccurate or incomplete data.
• Right to Erasure:Users can request the deletion of their personal data under certain conditions.
• Right to Restrict Processing:Users can request the restriction of data processing in specific circumstances.
• Right to Data Portability:Users can request their data in a structured, commonly used, and machine-readable format.
• Right to Object:Users can object to the processing of their data for certain purposes.

Users can exercise these rights by contacting us at info@apertacura.com.

10. International Data Transfers

If personal data is transferred outside of Rwanda, we will ensure that it is protected in accordance with this policy and applicable data protection laws. We will only transfer data to countries that provide an adequate level of data protection or where appropriate safeguards are in place.

11. Changes & Contact

We may update this policy from time to time to reflect changes in our practices or legal requirements. Any updates will be posted on our website, and users will be notified of significant changes.
If you have any questions or concerns about this policy or our data protection practices, please contact us at:

Email: info@apertacura.com

Address 1: Norrsken House, Kigali, Rwanda
Address 2: Kamburu Drive, Building: Pine Tree Plaza, Nairobi Kenya