Privacy Policy

Health data protection and privacy

Last updated: March 2026

ANICNS (National Agency for Clinical Engineering and Digital Health) places the highest importance on protecting your personal and health data. This policy describes how we collect, use, protect, and store your information, in compliance with the Democratic Republic of Congo's regulations on personal data protection and health data confidentiality.

1Data collected

We collect the following data as part of our services: - Identification information: first name, last name, email address, phone number - Professional information: organization, position, healthcare facility - Support data: ticket content, messages, attachments - Technical data: IP address, browser type, access logs - Health data: only within the scope of Hospital Information Systems (HIS) and the Unified Registry of Insured Persons (RUA), with your explicit consent

2Data usage

Your data is used exclusively to: - Provide and improve our technical support services - Manage support tickets and ensure their follow-up - Administer the Unified Registry of Insured Persons (RUA) as part of Universal Health Coverage (UHC) - Ensure the operation of Hospital Information Systems (HIS) - Produce anonymized statistics to improve the health system - Meet our legal and regulatory obligations

3Protection measures

ANICNS implements rigorous security measures to protect your data: - Encryption of all data in transit with TLS 1.3 - Encryption of data at rest with AES-256 - Multi-factor authentication (MFA) for all system access - Strict role-based access control (RBAC) - Complete logging of all access for audit and traceability - Regular security testing and audits of our systems - Ongoing staff training on health data security

4Data storage and sovereignty

All health data is hosted on the territory of the Democratic Republic of Congo, ensuring digital sovereignty. Data is retained for as long as necessary for the purposes for which it was collected, in accordance with the retention periods provided by Congolese regulations. Support ticket data is retained for 3 years after ticket closure. RUA data is retained in accordance with Ministry of Health directives.

5Your rights

In accordance with applicable DRC regulations, you have the following rights: - Right of access: view the data we hold about you - Right of rectification: correct inaccurate or incomplete data - Right to erasure: request the deletion of your personal data - Right to portability: receive your data in a structured format - Right to object: object to the processing of your data To exercise these rights, contact our Data Protection Officer at [email protected].

6Cookies and similar technologies

Our platform uses cookies strictly necessary for the operation of the service (authentication, language preferences, session). We do not use advertising cookies or third-party trackers. Session cookies are deleted when the browser is closed.

7Sharing with third parties

ANICNS never sells, rents, or shares your personal data with third parties for commercial purposes. Data may be shared only in the following cases: - With the Ministry of Public Health, Hygiene and Prevention, within the scope of its public health missions - With partner healthcare facilities, strictly within the scope of the care pathway - Upon judicial requisition, in accordance with Congolese law All data sharing is subject to strict confidentiality agreements.

8Contact

For any questions regarding the protection of your personal data: Data Protection Officer (DPO) Email: [email protected] Address: Boulevard du 30 Juin, Commune de la Gombe, Kinshasa, DRC Phone: +243 81 234 5678