Privacy Notice

LabPoint Limited, Mangu Road, off Thika Superhighway, Thika, Kenya. You can reach us at info@labpoint.co.ke or +254 722 887 362.

We process personal data in accordance with the Kenya Data Protection Act (KDPA) and, where applicable, the EU/UK GDPR.

This Notice covers personal data processed when you use our websites, contact us, procure laboratory or advisory services, participate in training, pilots, or research collaborations, or interact with our AI and analytics platforms.

• Identity & Contact: name, email, phone, organization/role, country.
• Professional/Account: user IDs, login metadata, role/permissions, support tickets.
• Operational/Lab: test requests, metadata, logistics and quality control records. (Clinical results are handled under strict confidentiality and applicable clinical governance.)
• Research: study enrollment metadata, coded datasets, and consent documentation (as applicable).
• Usage & Technical: device/browser info, IP, pages viewed, timestamps, cookies or similar technologies.

• Provide and improve our laboratory, analytics, and digital services.
• Support clinical programs and public health operations where engaged.
• Develop and validate AI/ML models for diagnostics, population health, and operations (see Section 7).
• Respond to inquiries, provide customer support, and manage accounts.
• Fulfil legal, regulatory, and quality management obligations (e.g., ISO 15189, audit logs).
• Security, fraud prevention, and service integrity monitoring (MLOps/DevSecOps).
• Aggregate analytics and reporting to improve performance and user experience.

• Contract: to deliver requested services.
• Legitimate Interests: product improvement, security, quality assurance, R&D (balanced against your rights).
• Consent: where required (e.g., certain research uses, marketing).
• Legal Obligation & Public Interest: compliance with health, safety, and regulatory frameworks.

• Vendors & Sub-processors: secure cloud, analytics, communication, and logistics providers under data protection agreements.
• Clinical/Program Partners: hospitals, public health programs, or research sponsors as permitted by law, contracts, and ethics approvals.
• Legal & Safety: to comply with applicable laws, enforce terms, or protect rights, safety, and security.
• Mergers/Transactions: in corporate events, with appropriate safeguards.

We do not sell personal data.

We build and deploy AI/ML systems for diagnostics, population health, agriculture, and operations. Where feasible, we apply privacy-preserving techniques (e.g., data minimization, pseudonymization, differential privacy or de-identification, and strict access controls). We document model purpose, inputs, and limitations and monitor performance and drift via MLOps.

If automated decision-making significantly affects you (e.g., eligibility or access), we provide meaningful information about the logic involved and your rights to request human review, to express your point of view, and to contest the decision, consistent with applicable law.

Where data are transferred across borders, we implement appropriate safeguards (e.g., Standard Contractual Clauses, data transfer agreements) and ensure vendors meet comparable protection standards.

We retain personal data only as long as necessary for the purposes described, and to meet legal, regulatory, and audit requirements. Research and clinical records may be kept for longer periods consistent with ethics approvals, sponsor requirements, or health regulations. When no longer needed, data are securely deleted or anonymized.

We use administrative, technical, and physical safeguards, including encryption in transit/at rest (where applicable), access controls, audit trails, and secure development practices (DevSecOps). No method is 100% secure; we continuously review and improve our controls.

We may use cookies and similar tools for session management, preferences, analytics, and security. You can adjust cookie settings in your browser. For details or to manage preferences, see our Cookies Policy.

Depending on your jurisdiction, you may have rights to access, correct, update, object, restrict processing, data portability, withdraw consent, or request deletion. To exercise these rights, contact info@labpoint.co.ke. We will verify your identity and respond within statutory timelines.

Our public sites are not directed to children. Any processing of minors’ data in clinical or research contexts follows applicable law, ethics approvals, and consent/ assent requirements.

Our services may link to third-party sites. Their privacy practices are independent of LabPoint; please review their policies.

We may update this Notice from time to time. Material changes will be posted here with a new “Last updated” date.

For privacy questions or requests, email info@labpoint.co.ke. You may also write to: LabPoint Limited, Mangu Road, off Thika Superhighway, Thika, Kenya. If unresolved, you may contact the Office of the Data Protection Commissioner (Kenya) or your local supervisory authority.