Terms of Use & Privacy Policy — SHAMS

Last Updated: 01 March 2025

Welcome to Saifee Hospital Arcanum Management System (SHAMS) (“we,” “our,” or “us”). This Terms of Use and Privacy Policy explains your rights and our responsibilities regarding your personal data, the rules for using the App, and your rights under Tanzanian law and the PDPA. By using SHAMS, you accept these terms and consent to the processing of your data as described here.

1. Introduction and Scope

SHAMS is designed to support hospital operations and improve patient care by facilitating secure communication and data exchange among doctors, nurses, staff, and other authorized personnel. This policy governs:

  • The information we collect and how we use it.
  • The legal basis for processing your personal data.
  • Your rights under Tanzanian law, GDPR, and the PDPA.
  • Our responsibilities as a data controller and, where applicable, a data processor.

This policy applies to all SHAMS users, including healthcare professionals and employees of the hospital.

2. Terms of Use

By installing and using SHAMS, you agree to:

  • Use it only for legitimate purposes related to hospital operations.
  • Keep your login credentials confidential and not share them.
  • Provide accurate and updated personal details during registration.
  • Notify us of any unauthorized access or security breach associated with your account.
  • Comply with any operational instructions issued by hospital administrators.

We reserve the right to suspend or revoke your access if you violate these terms or engage in misconduct involving personal data.

3. Personal and Non-Personal Information We Collect

We collect two types of data:

3.1 Personal Information

You provide this data directly during registration or use:

  • Name, age, gender, contact details, address, and email.
  • Employee ID (for staff).
  • Any additional information you submit as part of SHAMS use.

3.2 Non-Personal Information

This data is collected automatically:

  • Device and system information (model, OS version, unique identifiers).
  • Log data including IP address, usage statistics, and timestamps.
  • Diagnostics data to improve performance and security.

3.3 Notification Data

We collect data related to system and emergency notifications (delivery status, read receipts, timestamps) to ensure reliable hospital operations.

4. How We Use Your Information

We use collected data to:

  • Provide, operate, and improve SHAMS features.
  • Deliver alerts and notifications to relevant personnel.
  • Manage hospital workflows and operational duties.
  • Enhance security, monitor performance, and investigate incidents.
  • Communicate important updates, emergency alerts, and notices.
  • Fulfil legal and regulatory obligations under Tanzanian law, PDPA, and GDPR.

We will not use your data for unrelated purposes without your consent.

6. Data Sharing and Disclosure

We do not sell or lease your personal data to third parties. We may share data in limited circumstances:

  • Internal use: with hospital administrators and departments for workflow efficiency.
  • Service providers: third parties performing data processing or hosting services under confidentiality agreements.
  • Legal compliance: with Tanzanian authorities or the PDPC when required by law.
  • Protecting vital interests: to prevent harm or ensure safety.

In all cases, we minimise the amount of data disclosed and ensure recipients apply appropriate security standards.

7. Data Registration & Control

As required by the PDPA, we are registered with the PDPC as a data controller and processor. If third parties process data on our behalf, they are registered and operate only under our instructions.

8. Data Protection Principles We Follow

We adhere to the PDPA’s principles of personal data processing [2][3][5][11]:

  • Lawfulness and transparency.
  • Purpose limitation – data is collected only for stated, legitimate purposes.
  • Data minimisation – only the needed amount of data is collected.
  • Accuracy – we take reasonable steps to maintain accurate, up-to-date data.
  • Storage limitation – data is retained only for as long as necessary.
  • Security – we protect data against unauthorized access, disclosure, alteration, or loss.

9. Data Subject Rights

Under the PDPA and GDPR, you have the following rights (§33–38 PDPA) [2][5][11][17]:

  1. Right to be informed: about how and why we process your data.
  2. Right of access: request a copy of the data we hold about you.
  3. Right to rectification: correct inaccurate or incomplete data.
  4. Right to erasure ("right to be forgotten"): ask us to delete your data under certain conditions.
  5. Right to restriction: limit the processing of your data.
  6. Right to object: oppose processing for certain purposes.
  7. Right to data portability: request your data in a structured, machine-readable form.
  8. Right to withdraw consent: at any time, without explaining why.
  9. Right to compensation: if unlawful processing causes you harm.

You can exercise your rights by contacting dpo@saifeehospital.co.tz.