Orbit Health — eHealth IT Services PLC
Last updated: June 29, 2026
Contents
- 1. Introduction
- 2. Information We Collect
- 3. Health & Sensitive Data
- 4. How We Use Information
- 5. Legal Basis for Processing
- 6. How We Share Information
- 7. App Permissions (Mobile)
- 8. Data Retention
- 9. Data Security
- 10. Your Rights & Choices
- 11. Children’s Privacy
- 12. International Data Transfers
- 13. Third-Party Links & Services
- 14. Changes to This Policy
- 15. Contact Us
1. Introduction
Orbit Health is operated by eHealth IT Services PLC (“Orbit Health”, “we”, “us”, or “our”), located at Goro IT Park BPO Building, 4th Floor, Addis Ababa, Ethiopia. We provide digital health solutions including Electronic Health Record (EHR) and practice management systems, the Personal Health Record (PHR) mobile application, financial/health-wallet solutions, and public health data analytics tools (collectively, the “Services”).
This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our website (orbithealth.co), our mobile applications, or any related Services. It applies to patients, healthcare providers, partners, and visitors.
By using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of the Services.
2. Information We Collect
2.1 Information you provide directly
- Account information: full name, email address, phone number, date of birth, username/password
- Profile and identity details: national ID, gender, address, emergency contact
- Career/partnership form data: resume/CV, organization name, phone number (submitted via our “Work with Us” forms)
- Communications: messages, support tickets, and feedback you send to us
- Payment and billing details when using financial or health-wallet features
2.2 Information collected automatically
- Device information: device model, operating system, unique device identifiers, mobile network information
- Log data: IP address, browser type, pages visited, time/date of visits, app crash logs
- Usage data: features used, appointment activity, in-app interactions
- Cookies and similar tracking technologies on our website (see Section 13)
2.3 Information from third parties
- Information shared by healthcare providers, hospitals, or clinics using our EHR systems on your behalf
- Information from partners providing insurance, payment, or financing services
3. Health & Sensitive Data
Because Orbit Health provides EHR and Personal Health Record services, we may collect and process sensitive health information, including:
- Medical history, diagnoses, and treatment records
- Medications, prescriptions, and dispensation records
- Vital signs, lab results, and clinical notes
- Appointment and visit history
- Insurance and health-financing information
We treat health information as highly sensitive. It is collected and processed only to deliver the Services (e.g., enabling care coordination between you and your healthcare provider), and access is restricted to authorized personnel, your treating provider(s), and systems strictly necessary to operate the Services.
4. How We Use Information
- To provide, operate, and maintain the EHR, PHR, financial, and analytics Services
- To facilitate appointment scheduling, medication management, and care coordination between patients and providers
- To process payments and health-wallet transactions
- To generate aggregated, de-identified public health insights and analytics
- To communicate with you, including service updates, newsletters (if subscribed), and support responses
- To process career and partnership applications submitted through our website
- To detect, investigate, and prevent fraud, abuse, or security incidents
- To comply with legal and regulatory obligations applicable in Ethiopia and other jurisdictions where we operate
- To improve and develop new features of the Services
5. Legal Basis for Processing
Depending on your location, we process personal data on one or more of the following bases: your consent, performance of a contract with you (or your healthcare provider), compliance with legal obligations (e.g., health record-keeping laws), and our legitimate interests in operating and improving the Services, provided those interests do not override your fundamental rights.
6. How We Share Information
We do not sell your personal or health information. We may share information in the following circumstances:
| Recipient | Purpose |
|---|---|
| Healthcare providers / facilities | To deliver care coordinated through our EHR/PHR platforms |
| Service providers & sub-processors | Hosting, cloud storage, payment processing, analytics, customer support (under confidentiality and data-protection obligations) |
| Insurance & financing partners | Only where you use Health Wallet or insurance-related features |
| Legal & regulatory authorities | Where required by law, court order, or to protect rights, safety, or property |
| Business transfers | In connection with a merger, acquisition, or sale of assets, subject to confidentiality protections |
7. App Permissions (Mobile)
Our mobile application(s) may request the following device permissions, used only for the stated purpose:
| Permission | Purpose |
|---|---|
| Camera / Photos | Upload profile photo, scan documents or prescriptions |
| Storage | Save and upload medical records, attachments, or CV files |
| Notifications | Appointment reminders, medication alerts |
| Location (optional) | Find nearby health facilities (only with your permission) |
| Contacts (optional) | Add emergency contact details, with your explicit consent |
You can manage or revoke these permissions at any time through your device settings.
8. Data Retention
We retain personal and health information for as long as necessary to provide the Services, comply with legal and medical record-keeping requirements, resolve disputes, and enforce our agreements. Health records may be subject to longer statutory retention periods required by applicable healthcare regulations. When no longer needed, data is securely deleted or anonymized.
9. Data Security
We implement administrative, technical, and physical safeguards designed to protect personal and health information, including encryption in transit and at rest, access controls, role-based permissions, and regular security reviews. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
10. Your Rights & Choices
Depending on your jurisdiction, you may have the right to:
- Access, correct, or update your personal information
- Request deletion of your personal data, subject to legal/medical retention requirements
- Withdraw consent for optional data processing (e.g., marketing, location access)
- Request a copy of your data in a portable format
- Object to certain processing activities
- Unsubscribe from our newsletter at any time via the link in our emails
To exercise these rights, contact us using the details in Section 15.
11. Children’s Privacy
Our Services are not directed to children under 13, and we do not knowingly collect personal information from children without parental/guardian consent. Where our Services are used to manage a minor’s health records, this is done by or with the consent of the minor’s parent, guardian, or authorized healthcare provider.
12. International Data Transfers
Your information may be stored and processed in Ethiopia or other countries where our service providers operate. We take steps to ensure appropriate safeguards are in place when data is transferred across borders, consistent with applicable data protection laws.
13. Third-Party Links, Cookies & Analytics
Our website may use cookies and similar technologies to improve functionality and analyze usage. Our website and Services may also contain links to third-party sites (e.g., social media, Google Forms for demo requests) which have their own privacy policies; we are not responsible for their practices. You can control cookies through your browser settings.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The “Last updated” date at the top of this page indicates when changes were last made. Continued use of the Services after changes take effect constitutes acceptance of the revised policy.
15. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
- eHealth IT Services PLC (Orbit Health)
- Goro IT Park BPO Building, 4th Floor, Addis Ababa, Ethiopia
- Phone: +251-911-413709
- Email: info@orbithealth.co
- Website: orbithealth.co
↑ Back to top © 2026 Orbit Health (eHealth IT Services PLC). All rights reserved.