Privacy Policy

1. Who We Are

Aya Health operates private healthcare clinics in Ghana and the United Kingdom. Our registered business operates under the trading name "Aya Health," led by Dr. Patrina Ankrah. We are committed to handling all personal data with the highest standards of care, confidentiality, and legal compliance.

For the purposes of this policy, "we," "us," and "our" refer to Aya Health. "You" refers to any individual whose personal data we process.

2. The Information We Collect

We may collect and process the following categories of personal information:

Identity and contact data: your full name, date of birth, address, telephone number, and email address.

Health and medical data: your medical history, current conditions, medications, lifestyle information, test results, and any other health-related information you share with us during consultations.

Payment data: billing information necessary to process payment for our services. We do not store full payment card details on our systems.

Communication data: records of correspondence between you and Aya Health, including emails, messages sent through our contact form, and consultation notes.

Technical data: when you use our website, we may collect standard internet log information such as your IP address, browser type, and pages visited.

3. How We Use Your Information

We use your personal information for the following purposes:

Providing healthcare services: to deliver consultations, create personalised care plans, issue prescriptions, and manage your ongoing care.

Administrative purposes: to manage appointments, process payments, and maintain accurate clinical records.

Communication: to respond to your enquiries, send appointment reminders, and provide relevant health information.

Legal and regulatory compliance: to fulfil our obligations under applicable healthcare regulations and data protection law in Ghana and the United Kingdom.

Service improvement: with appropriate anonymisation, to improve the quality of our services.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. Legal Bases for Processing

We process your personal data on the following legal grounds:

Performance of a contract: processing necessary to provide the healthcare services you have requested.

Legal obligation: where processing is required to comply with a legal or regulatory requirement.

Vital interests: where processing is necessary to protect your life or health in an emergency.

Legitimate interests: for purposes such as fraud prevention and service improvement, where these do not override your rights.

Explicit consent: for certain types of sensitive health data, we will seek your explicit consent before processing.

5. Data Retention

We retain your personal and medical data for as long as is necessary to provide services to you and to comply with our legal obligations. In the United Kingdom, medical records are generally retained for a minimum of eight years following the end of treatment for adults. In Ghana, we follow the applicable national health data retention standards.

Where data is no longer required, we ensure it is securely deleted or anonymised.

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Right of access: to request a copy of the personal data we hold about you.

Right to rectification: to request correction of inaccurate or incomplete data.

Right to erasure: to request deletion of your data in certain circumstances.

Right to restriction: to request that we limit how we use your data.

Right to data portability: to receive your data in a structured, machine-readable format.

Right to object: to object to certain types of processing.

To exercise any of these rights, please contact us using the details in section 9 below. We will respond to your request within 30 days.

7. Data Security

We take the security of your personal and medical information extremely seriously. We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, destruction, or disclosure.

These measures include encrypted storage of medical records, secure access controls, regular security assessments, and staff training on data protection obligations.

In the event of a data breach that is likely to affect your rights and freedoms, we will notify you and the relevant regulatory authority as required by law.

8. Cookies and Website Analytics

Our website uses essential cookies to ensure it functions correctly. We may also use analytics tools to understand how visitors use our site. This data is collected in aggregate and is not used to personally identify individuals.

You can control cookie preferences through your browser settings. Please note that disabling certain cookies may affect website functionality.

9. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your rights, or have concerns about how we handle your data, please contact us:

Email: privacy@ayahealth.com Post: Aya Health, East Legon, Accra, Ghana

If you are based in the United Kingdom and are dissatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Where changes are material, we will notify you by email or by posting a prominent notice on our website. The date at the bottom of this page indicates when the policy was last updated.