Last Updated: May 11, 2026
Effective Date: May 1, 2025
1. Introduction
Michoes Medical Centre (“we,” “us,” “our,” or “the Centre”) is committed to protecting the privacy and confidentiality of your personal and medical information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our facility, use our website, book appointments, or access our patient portal.
We are located in Kanyum, Kumi District, Eastern Uganda. We comply with the Uganda Data Protection and Privacy Act, 2019 and all applicable healthcare regulations.
2. Information We Collect
We may collect the following types of information:
A. Personal Identification Information
- Full name, date of birth, gender, national ID number
- Contact details (address, phone number, email address)
- Emergency contact information
B. Medical/Health Information
- Medical history, diagnosis, treatment plans
- Lab results, imaging reports, prescriptions
- Vaccination records, allergies, chronic conditions
- Notes from consultations with our doctors and nurses
C. Payment & Insurance Information
- Billing details, payment history
- Health insurance policy number and claims data
D. Technical & Website Usage Data
- IP address, browser type, device information
- Pages visited, time spent on our website
- Cookies and similar tracking technologies (see Section 9)
3. How We Collect Your Information
We collect information in the following ways:
- Directly from you: When you register as a patient, fill out forms, consult with our medical staff, or contact us via phone, email, or in person.
- Automatically: Through our website, patient portal, and CCTV systems (for security purposes).
- From third parties: With your consent, we may receive information from referring doctors, laboratories, pharmacies, or your insurance provider.
4. How We Use Your Information
We use your information for legitimate healthcare and operational purposes, including:
- Providing medical diagnosis, treatment, and preventive care
- Scheduling appointments and sending reminders
- Processing payments and insurance claims
- Maintaining accurate medical records as required by Ugandan law
- Communicating with you about lab results, prescriptions, or follow-up care
- Improving our services, training staff, and conducting internal quality audits
- Protecting against fraud, security incidents, or legal claims
- Complying with public health reporting requirements (e.g., infectious disease notifications)
We will NEVER sell your personal or medical information to third parties.
5. Legal Basis for Processing (For GDPR/International Patients)
If you are a resident of the European Economic Area (EEA) or other jurisdictions with similar laws, we process your data based on:
- Consent: You have given clear permission for us to process your data for specific purposes.
- Contract: Processing is necessary for your medical treatment (which constitutes a service contract).
- Legal obligation: We are required by Ugandan law to maintain medical records.
- Vital interests: Processing is needed to protect someone’s life or health.
- Legitimate interests: Improving our services and preventing fraud.
6. How We Share & Disclose Your Information
We may share your information only in the following circumstances:
| Recipient | Purpose | Basis |
|---|---|---|
| Other healthcare providers (specialists, labs, pharmacies) | Continuity of your care | Medical necessity |
| Your health insurance company | Claims processing and reimbursement | Your consent / contract |
| Public health authorities (e.g., Uganda Ministry of Health) | Reportable diseases, vital statistics | Legal obligation |
| Law enforcement or courts | In response to a valid court order or subpoena | Legal obligation |
| Our IT and cloud service providers | Secure data storage and system maintenance | Data processing agreement |
We require all third parties to respect the security of your data and treat it in accordance with the law.
7. Data Security
We implement robust security measures to protect your information, including:
- Physical security: Locked medical records cabinets, secure facility access, 24/7 CCTV surveillance
- Technical security: Encrypted electronic medical records (EMR), firewalls, antivirus software, secure login credentials
- Administrative security: Staff confidentiality agreements, regular privacy training, limited access based on role (need-to-know basis)
While we strive to use commercially acceptable means to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
8. Data Retention
We retain your medical records for the period required by Ugandan law (currently a minimum of 10 years from the date of your last visit, or longer for minors as specified by regulations).
After the retention period expires, we will securely destroy or anonymize your data so that it can no longer be linked back to you.
9. Cookies & Tracking Technologies
Our website uses cookies to:
- Remember your preferences and language settings
- Analyze website traffic (e.g., Google Analytics anonymized data)
- Improve site functionality and load times
You can set your browser to refuse all cookies or to indicate when a cookie is being sent. However, some parts of our website may not function properly without them.
10. Your Rights
Depending on your location and applicable law, you may have the following rights regarding your personal data:
- Right to Access: Request a copy of the personal and medical information we hold about you.
- Right to Rectification: Ask us to correct inaccurate or incomplete information.
- Right to Erasure (“Right to be Forgotten”): Request deletion of your data, subject to legal retention requirements.
- Right to Restrict Processing: Ask us to limit how we use your data in certain circumstances.
- Right to Data Portability: Request a digital copy of your data to transfer to another provider.
- Right to Object: Object to certain uses of your data (e.g., marketing communications).
- Right to Withdraw Consent: Withdraw previously given consent at any time (this will not affect the lawfulness of processing before withdrawal).
To exercise any of these rights, please contact our Privacy Officer using the details in Section 12.
11. Children’s Privacy
We provide medical services to minors only with the consent of a parent or legal guardian. We do not knowingly collect personal information from children under 18 without verifiable parental consent. If you believe we have collected such information without proper consent, please contact us immediately.
12. Contact Us & Data Protection Officer (DPO)
If you have any questions, concerns, or complaints about this Privacy Policy or how we handle your data, please contact:
Privacy Officer
Michoes Medical Centre
P.O. Box 211, Kumi, Uganda
Phone: +256701364362
Email: privacy@michoes.app
In-person: Reception desk, Kanyum, Kumi District
13. Your Right to Complain
If you believe we have violated your data protection rights, you have the right to lodge a complaint with the relevant supervisory authority:
Uganda Personal Data Protection Office (PDPO)
Website: www.michoesmedicalcentre.com
Or contact the Uganda Ministry of ICT and National Guidance.
We would, however, appreciate the opportunity to address your concerns directly first. Please contact us before approaching any external body.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in legal requirements, our practices, or technology. Any changes will be posted on this page with an updated “Last Updated” date. For significant changes, we will notify you via prominent notice on our website or direct communication (e.g., email or SMS for active patients).
By visiting Michoes Medical Centre, using our website, or providing us with your information, you acknowledge that you have read and understood this Privacy Policy.
Who we are
Our website address is: https://www.michoesmedicalcentre.com.
Comments
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Cookies
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Who we share your data with
If you request a password reset, your IP address will be included in the reset email.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where your data is sent
Visitor comments may be checked through an automated spam detection service.


