Data Protection & Privacy Compliance Statement

Policy Statement

Jos•Hansen (JHS) is committed to protecting the privacy, confidentiality, integrity, and security of personal, medical, scientific, operational, and business information entrusted to us through our healthcare, life sciences, environmental, veterinary, agricultural, and technology operations.

As a provider of medical technologies, diagnostics, pharmaceuticals, healthcare solutions, and related scientific services across Africa and international markets, JHS recognizes the critical importance of responsible data governance and secure information management. We process personal and sensitive data lawfully, fairly, transparently, and only for legitimate operational, regulatory, scientific, contractual, and healthcare purposes.

JHS maintains appropriate technical, administrative, and organizational safeguards to protect information against unauthorized access, disclosure, misuse, alteration, loss, or destruction. Our data protection framework aligns with applicable international and national privacy and healthcare information standards, including the General Data Protection Regulation, Health Insurance Portability and Accountability Act, and the Data Protection Act 2019.

We are committed to maintaining stakeholder trust through ethical data handling, cybersecurity resilience, accountability, transparency, and continuous improvement in information protection practices across all areas of our operations.

Our Commitment to Data Protection and Privacy

Jos•Hansen is committed to:

Upholding global best practices in healthcare information governance.

We continuously review and strengthen our compliance systems to align with evolving international and regional privacy regulations.

Regulatory and Legal Compliance Framework

JHS aligns its operations with applicable international, regional, and national data protection and healthcare privacy regulations.

International Compliance Frameworks

Health Insurance Portability and Accountability Act (HIPAA) – United States

JHS adheres to the principles of HIPAA where applicable in handling Protected Health Information (PHI), particularly in relation to medical technologies, diagnostic systems, healthcare data processing, patient confidentiality, and secure transmission of medical information.

Our systems and operational procedures support administrative, physical, and technical safeguards; confidentiality and integrity controls; and controlled access to sensitive healthcare information.

General Data Protection Regulation (GDPR) – European Union

Given our partnerships with international manufacturers and organizations including entities operating within Germany and the European Union, JHS aligns its privacy practices with GDPR principles including lawful basis for processing, data minimization, purpose limitation, storage limitation, accuracy, accountability, privacy by design and by default, data subject rights protections, and cross-border data transfer safeguards.

JHS respects the rights of individuals regarding access to personal data, rectification, erasure, restriction of processing, data portability, and objection to processing.

International Organization for Standardization (ISO)

JHS supports alignment with ISO 27001 (Information Security Management), ISO 27701 (Privacy Information Management), ISO 13485 (Medical Devices Quality Management), and ISO 9001 (Quality Management Systems). These frameworks guide our internal controls, cybersecurity governance, documentation management, and operational integrity.

Kenya Data Protection Compliance

As a company operating within Kenya and across Africa, JHS complies with the requirements of the Data Protection Act 2019, including lawful processing, data subject consent management, data protection impact assessments, data breach reporting obligations, protection of sensitive personal data, secure storage and processing of health information, and third-party processor accountability. JHS recognizes the authority of the Office of the Data Protection Commissioner.

Germany and European Data Protection Alignment

In recognition of our roots in German engineering excellence and our partnerships with European manufacturers and institutions, JHS aligns relevant operations with the German Federal Data Protection Act (BDSG), EU GDPR standards, and medical device and healthcare information governance regulations applicable within the EU.

Protection of Sensitive Health Information

JHS recognizes healthcare and medical information as highly sensitive data requiring enhanced protection. We apply safeguards to patient information, diagnostic data, laboratory records, clinical and pharmaceutical information, research datasets, medical imaging data, employee health records, and veterinary and environmental surveillance data.

Access to sensitive information is strictly controlled through role-based access controls, confidentiality agreements, authentication protocols, data encryption measures, secure infrastructure environments, and controlled retention and disposal procedures.

Cybersecurity and Information Security

To protect digital systems and healthcare infrastructure, JHS implements cybersecurity measures including secure IT infrastructure, network protection protocols, data encryption technologies, password and access management controls, secure backup systems, malware and ransomware protection, monitoring and incident response procedures, and vendor and third-party risk assessments.

We continuously strengthen our systems to support resilience against evolving cyber threats affecting healthcare and critical infrastructure sectors globally.

Ethical Data Handling and Responsible Innovation

JHS is committed to ethical data governance and responsible innovation. We ensure responsible use of emerging technologies, ethical management of scientific and research data, respect for human dignity and confidentiality, transparency in information handling, and accountability in digital health operations.

We do not sell personal health information and only process personal data for legitimate operational, medical, scientific, regulatory, contractual, or legal purposes.

Third-Party and Partner Compliance

Where third-party service providers or partners process data on our behalf, we require confidentiality obligations, data processing agreements, appropriate security controls, regulatory compliance assurances, and responsible data management practices.

Data Retention and Records Management

JHS maintains records management practices designed to ensure secure retention, controlled archival procedures, timely deletion or anonymization where appropriate, and compliance with legal and operational retention requirements. Records are retained only for as long as necessary to fulfill legal, regulatory, operational, scientific, and contractual obligations.

Data Subject Rights

Individuals whose personal data is processed by JHS may have rights including: right to access information, right to correction of inaccurate data, right to withdraw consent where applicable, right to object to certain processing activities, right to request deletion subject to legal obligations, and right to raise concerns regarding data handling practices. Requests relating to personal data may be submitted through our designated compliance and privacy channels.

Compliance Governance

JHS maintains internal governance structures that support regulatory compliance oversight, information security accountability, staff awareness and confidentiality training, risk management, and continuous monitoring and policy improvement. Our leadership is committed to embedding privacy, cybersecurity, and ethical compliance into all operational and strategic functions.

Commitment to Trust and Responsible Healthcare Delivery

At Jos•Hansen, data protection and privacy are integral to our mission of delivering innovative, preventive, and curative life sciences solutions across Africa and beyond. Through strong governance, ethical responsibility, and secure digital practices, JHS continues to position itself as a trusted partner in global healthcare, medical technologies, environmental sciences, and sustainable development.