AFRIGLOBAL MEDICARE LTD

PRIVACY POLICY

Preamble

Afriglobal Medicare Limited respects your privacy and is committed to protecting your data.

  1. Introduction

This Data Privacy and Protection Policy (the “Privacy Policy”) describes your privacy rights regarding Afriglobal Medicare Limited’s (“Äfriglobal Medicare” “we”, “us” or “our”) collection, use, storage, sharing and protection of your personal identifiers, electronic network activity information, professional information, location information and other types of information. It applies to our platform, website and all related sites, applications, services, and tools (“Services”) regardless of how you access or use them.

This Privacy Policy applies to all forms of systems, operations and processes within our environment that involve the collection, storage, use, transmission, and disposal of Personal Information (described below). It is provided to help you understand what information we collect from you, how the information collected is used, how we protect it, and your rights to it, amongst others. 

This Privacy Policy is strictly restricted to only our Services and therefore does not apply to services that are not owned or controlled by us, including third-party platforms/websites. We are committed to handling all personal data provided to us in compliance with both applicable and model data privacy and protection laws.

By accessing or using our Services in any manner, you indicate to us that you have read and accepted this Privacy Policy and consent to the data practices described in this Privacy Policy.

You agree that upon granting us your consent, you have the legal capacity to give consent and you are aware of your privacy rights and your option to withdraw your consent at any given time.

If you do not accept this Privacy Policy and do not meet or comply with the provisions set forth herein, then you may not use our Services.

           Personal Information

As part of our operations, we collect and process certain types of information (such as name, telephone numbers, address etc.) of individuals that makes them easily identifiable. These individuals include current, past, and prospective employees, suppliers/vendors, customers or former customers, and other individuals whom we communicate or deal with, jointly and/or severally (“Data Subject(s)”).

To use our Services, you will voluntarily provide us with certain Personal Information. Personal Information refers to information relating to an identified person or information that can be used to identify you. We will not share or disclose your Personal Information with a third party without your consent except as may be required for the purpose of providing you with our Services or under applicable legislations.

The following are the information that we collect and process:

  1. Individual personal information (e.g., name, previous names, blood group, health status, genotype, date, and place of birth, etc.);
  2. Individual personal contact details (e.g., address, email address, mobile numbers);
  3. Identify information (e.g., photo ID, nationality, utility bill, national ID card and/or number);
  4. Information about the ways you interact with Afriglobal Medicare (e.g., channels used, geographic information, software used and information concerning your complaints);
  5. Any information received from external authoritative registers required for compliance purposes;
  6. Information captured in customer documentation or data exchange such as application forms or advice documents or via telephone (e.g., records of advice);
  7. Marketing and promotional information (e.g., details of the services we offer and your preferences);
  8. Cookies and similar technologies used to remember your preferences and tailor content;
  9. Data or records of correspondence related to relevant exchanges of information (e.g., emails);
  10. Information to fulfill regulatory obligations (e.g., transaction details, user activity);
  11. Information from other entities (e.g., relevant transaction information)
  12. Information from third parties providing information to identify and manage fraud;
  13. Closed circuit television (CCTV) in and around Afriglobal Medicare facilities (these may collect photos or videos of you); and
  14. Other information about you that is voluntarily provided by filling in online forms or by communicating with us, whether face-to-face or via other available channels (e.g., by phone, email, or online

In providing you with the Services, we may rely on third-party servers located in foreign jurisdictions from time to time, which as a result, may require the transfer or maintenance of your personally identifiable information on computers or servers in foreign jurisdictions. We will endeavour to ensure that such foreign jurisdictions have data protection legislation that is no less than the existing data protection regulations in force in Nigeria and your personally identifiable information is treated in a safe and secure manner.[IS1] 

  1. Provide you with our healthcare services.
    1. Verify your identity (e.g., for authentication purposes).
    1. Deal with your transactions or carry out instructions.
    1. Perform data analytics and understand your preferences and how you use the provided services.
    1. Record keeping and accountability.
    1. Meet compliance and legal obligations such as to comply with the extant Data regulatory framework.
    1. Manage our relationship with you (including any activities you agree to).
    1. Obtain reports of an online problem (e.g., with the Afriglobal Medicare site).
    1. Enforce or defend the rights of a member, staff, or customer of Afriglobal Medicare.
    1. For internal operational support and administrative purposes (e.g., development of our service, audit, and risk management).
    1. Ensure security and Organizational continuity.
    1. For service quality management and service improvement.
    1. Correspond with third parties (e.g., vendors, HMO, regulators, and intermediaries).
    1. To facilitate dissemination of information about our association and events.
    1. For the purpose of registration and participation at our online and offline events.
    1. To respond to and build on any feedback you send us.

We do not collect any unauthorised Personal Information when you visit our website and platform except for the purpose for which you have consented that we do so. For the avoidance of doubt, any Personal Information collected for the purpose of carrying out the Services will be done further to your explicit consent and shall be used only for the purpose communicated.

However, so we can monitor and improve our platform and Services, we may collect non-personally identifiable information. We will not share or disclose this information with third parties except as a necessary part of providing our Services. We may, where applicable, use the information to target advertisements to you.  

We collect Personal Information only for identified purposes and for which consent has been obtained. Such Personal Information cannot be reused for another purpose that is incompatible with the original purpose, except consent is obtained for such purpose.

   Your personal data will be:

a)  collected and processed in accordance with specific, legitimate, and lawful purposes, consented to by you;

b) adequate, accurate and without prejudice to the dignity of human person;

c) stored only for the period within which it is reasonably needed; and

d) secured against all foreseeable hazards and breaches such as theft, cyberattack, viral attack, dissemination, manipulations of any kind, damage by rain, fire, or exposure to other natural elements.

We limit Personal Information collection and usage to data that is relevant,  adequate, and necessary for carrying out the purpose for which the data is processed. We will evaluate whether and to what extent the processing of Personal Information is necessary and where the purpose allows, anonymized data will be used.

We use cookies to identify you as a User and make your user experience easier, customise our Services, content and advertising and where applicable help you ensure that your account security is not compromised. We also use cookies to mitigate risk and prevent fraud and promote trust and safety on our website. Cookies allow our servers to remember IP addresses, date, and time of visits, monitor web traffic and prevent fraudulent activities.

Our cookies never store personal or sensitive information. They simply hold a unique random reference to you so that once you visit our website, we can recognize who you are and provide certain content to you. If your browser or browser add-on permits, you have the choice to disable cookies on our website, however this may impact your experience using our website.

You can accept or decline cookies by modifying your browser setting to decline cookies if you prefer.  

We shall establish adequate controls to protect the integrity and confidentiality of your Personal Information, both in digital and physical format and to prevent your Personal Information from being accidentally or deliberately compromised.

We are committed to managing your Personal Information in line with global industry best practices. We protect your Personal Information using physical, technical, and administrative security measures to reduce the risks of loss, misuse, unauthorized access, disclosure, and alteration, we also use industry recommended security protocols to safeguard your Personal Information. Other security safeguards include but are not limited to data encryption, firewalls, and physical access controls to our building and files and only granting access to your Personal Information to only employees who require it to fulfil their job responsibilities. No Personal Information processing will be undertaken by an employee who has not been authorized to carry such out as part of their legitimate duties.

                  Employees may have access to your Personal Information only as is appropriate for the type and scope of the task in question and are forbidden to use your Personal Information for their own private or commercial purposes or to disclose them to unauthorized persons, or to make them available in any other way.

10.             How We Use the Information You Provide

                  We use the information we collect for business and commercial purposes such as to operate, improve, and develop our Services and to verify your identity and the identities of other members of your company, we also use your information to bill developers for our Services and to transmit payment. We use your information to comply with law, such as for tax reporting purposes and to send you technical notices, updates, security alerts, and administrative messages; to respond to your comments, questions, inquiries, and customer service requests.

                  We use your data to help personalize the Services experience for you to communicate with you about products, services, offers, and events offered or sponsored by Afriglobal Medicare, and to provide news and other information we think may be of interest to you. Information that we collect is also used to monitor and analyse trends, usage, and activities in connection with our Services, to detect and prevent fraud, malicious activity, and other illegal activities. We use your data to protect the rights, privacy, safety, or property of Afrigobal Medicare and others; and for any other purpose described to you when the information was collected.

11.             How We Share the Personal Information You Provide

                  We do not sell, trade, or rent personal information to anyone. However, to enable us to render our Services to you on our platform, we may share your information with trusted third parties, such third parties include financial institutions, payment processors verification services, sanctions screening and identity verification services as well as any third parties that you have directly authorized to receive your Personal Information. Your Personal Information may be stored in locations outside our direct control, for instance, on servers or databases co-located with hosting providers.

               We may disclose your Personal Information in compliance with applicable law or a legal obligation to which we are bound. Please note that third-party sites you engage with through our Services will have their privacy policies, and we are therefore not responsible for their actions, including their information protection practices. The use of your information by such third parties will be subject to their applicable privacy policy, which you should carefully review.

12.          Transfer of Personal Information

               Third Party Processor within Nigeria

We may engage the services of third parties to process the Personal Information of Data Subjects we collect. The processing by such third parties shall be governed by a written contract with us to ensure adequate protection and security measures are put in place by the third party for the protection of Personal Information in accordance with the terms of this Privacy Policy.

                        We may share your information with law enforcement agencies, public or tax authorities or other organizations if legally required to do so, or if we have a good faith belief that such use is reasonably necessary to:

  1. comply with a legal obligation, process, or request (including tax and related reporting requirements);
  2. enforce our Terms of Service and other agreements, policies, and standards, including investigation of any potential violation thereof;
  3. detect, prevent, or otherwise address security, fraud, or technical issues; or
  4.  protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law (including exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction).

Please see the list and details of categories of third-party processors we share your personal data with below: (Insert details below).

      13.       Transfer of Personal Information to Foreign Country

                   Where Personal Information is to be transferred to a country outside Nigeria, we shall put adequate measures in place to ensure the security of such Personal Information. In particular, we shall, among other things, confirm whether the country is on the National Information Technology Development Agency (“NITDA”) Whitelist of Countries with adequate data protection laws.

                   Transfer of Personal Information out of Nigeria would be in accordance with the provisions of the Nigeria Data Protection Regulation (“NDPR”). We will therefore only transfer Personal Information out of Nigeria on one of the following conditions:

  1. the consent of the Data Subject has been obtained;
  2. the transfer is necessary for the performance of a contract between us and the Data Subject or implementation of pre-contractual measures taken at the Data Subject’s request;
  3. the transfer is necessary to conclude a contract between us and a third party in the interest of the Data Subject;
  4. the transfer is necessary for reason of public interest;
  5. the transfer is for the establishment, exercise, or defense of legal claims;
  6. the transfer is necessary in order to protect the vital interests of the Data Subjects or other persons, where the Data Subject is physically or legally incapable of giving consent.

               We will take all necessary steps to ensure that your Personal Information is transmitted in a safe and secure manner. Details of the protection given when your Personal Information is transferred outside Nigeria shall be provided to you upon request.9.  

14.       Ground for Processing of Personal Information

Our Lawful Basis for Processing Personal Information

.           We will only use and process your personal data as permitted by the Nigerian Data Protection Regulation 2019 (Nigerian Data Protection Regulation). We have set out below a description of all the legal bases we may rely on to process your personal data:

  1. where you have given us consent to the processing of your personal data for one or more specific purposes;
    1. where processing is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into a contract;
    1. where processing is necessary for compliance with a legal obligation to which we are subject;
    1. where processing is necessary to protect your vital interests or the vital interests of another natural person, and
    1. where processing is necessary for the performance of a task carried out in the public interest or in exercise of an official public mandate vested in us.

            Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your personal data. Please contact us by sending an email to: (insert email address), if you need details about the specific legal ground we are relying on to process your personal data where more than one ground may have been used to process your personal data.

            For the purpose of this Privacy Policy, consent means any freely given, specific, informed, and unambiguous indication of the Data Subject’s wishes by which they, through a statement or a clear affirmative action, signify their agreement to the processing of Personal Information relating to them.

15.      The Data that We Retain

We will retain your Personal Information for as long as is needed to provide our Services to you, comply with our legal and statutory obligations or verify your information with the required verification authorities.

            We are statutorily obligated to retain the Personal Information and data you provide us with to process transactions, ensure settlements, make refunds, identify fraud, holistically carry out our Services and in compliance with laws and regulatory guidelines applicable to us and our service partners. Therefore, even after discontinuance of our Services, we will retain certain Personal Information and transaction data to comply with these obligations.

All Personal Information shall be destroyed by us where possible. For all Personal Information and records obtained, used, and stored by us, we shall perform periodical reviews of the data retained to confirm the accuracy, purpose, validity, and requirement to retain.

          The length of storage of your Personal Information shall, amongst other things, be determined by:

  1. the contract terms agreed between us and the Data Subject or as long as it is needed for the purpose for which it was obtained; or
  2. whether the transaction or relationship has statutory implication or a required retention period; or
  3. whether there is an express request for deletion of the Personal Information by the Data Subject, provided that such request will only be treated where the Data Subject is not under any investigation which may require us to retain such Personal Information or there is no subsisting contractual arrangement with the Data Subject that would require the processing of the Personal Information; or

whether we have another lawful basis for retaining that information beyond the period for which it is necessary to serve the original purpose.

16.       Choices and Rights

Once your Personal Information is held by us, you are entitled to reach out to us to exercise the following rights:

  1. Request access to your personal data (commonly known as a “data subject access request”): This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. You will not have to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may notify you of our refusal to comply with your request in these circumstances. Where we have reasonable doubts concerning the identity of the natural person making the request for information, we may request the provision of additional information necessary to confirm the identity of the Data Subject. Where data is held electronically in a structured form, such as in a Database, as the Data Subject, you have a right to receive that data in a common electronic format;
  1. If you want us to establish the data’s accuracy;
  2. Where our use of the data is unlawful but you do not want us to erase it;
  3. Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
  4. You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

17.       Age Restriction

If you access our Services or Platform and you are below 18 years, you represent and warrant that you have obtained consent from your parent(s) or legal guardian(s).  If you have inadvertently provided personal data of a child to us, please notify us at (insert DPO email address) and we will delete such personal data. If as a parent or guardian, you become aware that your child or ward child has provided us with any information without your consent, please contact us through the details provided in this Privacy Policy.

18.    Compliance with Local and International Regulatory Best Practices

We confirm that we comply with the NDPR on data collection, transmission, usage, and protection. We also, for best practices, adopt pertinent best practices per the General Data Protection Regulation (2016/679) (GDPR) to the extent that they do not conflict with Nigerian data protection regulations and laws.

19.    Updates, Modifications and Amendments

We reserve the right to update, modify, change, or revise this Privacy Policy from time to time. The changes will not be retroactive, and the most current version of this Privacy Policy which will always be on this page and will continue to govern our relationship with you. We advise that you check this page often, referring to the date of the last modification on the page. We will also try to notify you of any material changes which could be done via email associated with your account or service notification. By continuing to use our Services after the changes become effective, you agree to be bound by the revised Privacy Policy.

20        Complaints and Remedies

            You may file a complaint in accordance with this privacy policy if you believe that any provision of this privacy policy or your privacy rights have been violated in respect of your personal information or if your access to our Services have been compromised, to enable us to take the necessary steps towards ensuring the security of your Personal Information. All complaint must be addressed to the company by sending an email to our Data Protection Officer using the following contact details: (sanni.idris@afriglobalmedciare.com).

            Please note that, the complaint and resolution procedure is not prejudicial to your right to complain to the data protection authorities (in this case, the National Information Technology Development Agency (NITDA)) using the following contact details:

Address:No. 28, Port Harcourt Crescent,

  Off Gimbiya Street, P.M.B 564, Area 11,

  Garki, Abuja,

  Nigeria.

Email: info@nitda.gov.ng,

We also have a duty of self-reporting of Personal Information breaches to NITDA within 72 hours of being aware of such breach.  

You may also seek redress in a court of competent jurisdiction. We would, however, appreciate the chance to deal with your concerns before you approach the data protection authorities. Kindly contact us in the first instance by sending an email to: (insert email address).

21      Questions and Inquiries

You may also contact us if you have any questions relating to this Privacy Policy or would like to find out more about exercising your data protection rights.

© 2020 Woven Finance Limited  

All questions, comments and requests regarding this policy should be addressed to (insert email address).

If you are in Lagos, we can also be reached at:

Afriglobal Medicare Limited

8 Mobolaji Bank Anthony Way

By Unity Bustop

Ikeja, Lagos.