Avenue Healthcare limited Employee Data Map
1. Employee Personal Data
1A. Data Categories
- Full Name
- Date of Birth
- Gender
- National Identification Number
- KRA Pin
- NSSF and NHIF Details
- Passport/Visa Information (if applicable)
- Contact Information (Address, Phone Number, Email)
- Emergency Contact Details
- Dependents details
1B. Purpose of Processing
- Payroll processing
- Employee benefits administration
- Contacting employees for work-related matters
- Emergency contact during medical situations
- Statutory Taxation and benefits
1C. Legal Basis for Processing
- Contractual necessity (employment contract)
- Legal obligations (taxation and social security laws)
- Vital interests (emergency medical situations)
2. Employee Work Data
2A. Data Categories
- Job Title
- Department
- Work Schedule
- Attendance Records
- Performance Reviews
- Training and Development Records
2B. Purpose of Processing
- Workforce management
- Performance evaluation
- Training and skill development
- Compliance with employment regulationss
2C. Legal Basis for Processing
- Contractual necessity (employment contract)
- Legitimate interests (employee performance evaluation)
3. Employee Health Data
3A. Data Categories
- Health Records (only relevant information for employment purposes)
- Sick Leave Records
- Occupational Health and Safety Data
3B. Purpose of Processing
- Managing sick leave and medical benefits
- Ensuring occupational health and safety
- Compliance with health and safety regulations
3C. Legal Basis for Processing
- Vital interests (health and safety of the employee)
- Legal obligations (occupational health and safety laws)
4. Confidential Data
3A. Data Categories
- Bank Account Details
- Taxation Information
- Disciplinary Records (if applicable)
4B. Purpose of Processing
- Payroll processing
- Taxation purposes
- Compliance with employment regulations
4C. Legal Basis for Processing
- Contractual necessity (employment contract)
- Legal obligations (taxation laws)
5. Data Storage and Access
5A. Data Categories
5B. Data Access
6. Data Retention
Data is retained for the duration of employment
and also after the termination of employment.
Explicit request can be made by employees for
expunging of data within the boundaries of
Kenyan employment and taxation laws.
6. Data Security Measures
-
Controls: Role-based
access controls are implemented to
restrict access to sensitive data.
-
Regular Audits:
Periodic security audits are conducted
to identify and address potential
vulnerabilities.
-
Employee Training:
Staff is trained on data protection
policies and procedures.
8. Data Sharing
Employee data is not shared with third parties
without explicit consent, except where required
by law (e.g., taxation authorities) or in the
case of medical emergencies where sharing health
data is vital for the employee’s well-being.
By mapping out employee data in this manner,
Avenue Healthcare ensures compliance with the
Data Protection Act of Kenya.