mDoc Privacy Policy

Code of conduct

Introduction

mDoc Holdings LLC (“we”, “us”, “our” or “Company”) operates the www.mymdoc.com website (“Site”) and provides other telemedicine services. This policy applies to our website as well as to the services and applications we provide, collectively known as the “Services.”

We are committed to ensuring that your personal information shared over our Site and/or Services is protected and kept confidential. By accepting Company's Terms of Use or providing information to us via our Site, you consent to the use and disclosure of personally identifiable information as outlined in this Privacy Policy. Please note that the use and disclosure of such information is also subject to the practices of the health care providers with whom you may interact through the Services, as described in the notice of privacy practices which is provided to you by such providers.

You do not have to create an account to use our service features, such as searching and locating our diagnostic centres. We, however, believe you should always know what data we collect from you and how we use it.

This Privacy Policy also restates our commitment to protect your data on our website, social media platforms, administrative records, cloud storage, and whenever you visit our physical premises.

Scope of this privacy policy

Please note that this Privacy Policy applies to the mDoc main web pages (i.e., those in https://www.mymdoc.com/ ) and generally to the business of mDoc. If you follow a link to any other website, please check to confirm their policies before you submit any personal information to those websites.

Guiding principles

mDoc is committed to maintaining the principles in the Nigeria Data Protection Act 2023 (NDPA) and the Nigerian Data Protection Regulation (NDPR) regarding the processing of Personal Data.

The collection and processing of your Personal Data shall be in accordance with the legitimate and lawful purpose consented to and shall only be stored for the period, which is reasonably required, provided also that your Personal Data shall be adequately secured against foreseeable hazards within our contemplation.

To demonstrate this commitment as well as our aim of creating a positive privacy culture within mDoc, mDoc adheres to the following basic principles relating to the processing of Personal Data: lawfulness, fairness and transparency; data accuracy; purpose limitation; data minimization; storage limitation; integrity and confidentiality; and accountability.

What type of information do we collect?

The type of information we collect is Personal Data. Personal Data refers to any piece of information that relates to an identified or identifiable living individual or pieces of information, which if collated together can lead to the identification of an individual person.

Personal Data includes data such as email address, phone number, full name, account details, home address, school history, driver's license number, bank account number, passport number etc pertaining to a natural person. It does not include data provided anonymously.

The type of personal data we may collect are as follows:

  1. Identity Data: includes data such as first name, maiden name, last name, social media username or similar identifier, marital status, title, date of birth, next-of-kin data, biometric data and gender.
  2. Contact Data: includes data such as home address, email address and telephone number.
  3. Technical Data: includes data such as internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
  4. Usage Data: includes data such as information about how you use our website, products and services.
  5. Marketing and Communications Data: includes data such as regarding your preferences in receiving marketing from us and our third parties and your communication preferences.
  6. Health Data: As a Business Associate of health care providers which are covered entities under federal health care privacy and security rules, we collect/maintain protected health information (PHI) in compliance with these rules and our contractual obligations with health care providers. Currently our main focus is providing a platform to allow individuals to receive telehealth Services from various healthcare providers.

The Site can be visited without revealing any personal information. However, when registering your details on the Website to enable us better assist you as appropriate, you may be asked to enter personal contact information and/or your company contact information such as your name, email address, mailing address, phone number, or other details to help you with your experience. Where required mDoc will use this information to reply to your inquiries, to provide you with requested services, and to contact you regarding new services.

We may also collect information about your computer system, including where available your IP address, for system administration and to report aggregate information to our webmasters. This is statistical data about our users' browsing actions and patterns which does not identify any individual and allows us to ensure that content from our site is presented in the most effective manner for you and for your computer.

We will only collect information that you voluntarily submit. We know that privacy is of the utmost importance. We vigorously believe in keeping confidential any and all personally identifiable information that identifies an individual whether or not it relates to an individual's past, present, or future physical or mental health condition.

Why we collect Data?

We collect data to enable us process requests or applications which you make, or which are made on your behalf with your consent and to provide you with our services.

We collect data to be able to respond to questions or requests which you submit as well as anticipate and resolve problems with any services we offer to you.

We collect information for the purposes of providing the Services, marketing and promoting our Services to you and for market research data.

We and our partners may also collect personally identifiable information for marketing, user experience monitoring and improvement and related business purposes.

We maintain web logs to record data about all visitors who use this site and interact with the Services, and we will store this information. These logs may contain IP address information, types of operating system you use, the date and time you visited the site, and information about the type of device you use to connect to the Services.

All Web logs are stored securely and are accessible to a very limited number of employees and contractors, who have to adhere to strict guidelines regarding user data security and privacy.

Non-personal identification/cookies technology

What is a cookie? A cookie is a small data file that certain web sites write to your hard drive when you visit them. A cookie file, for instance, may collect user ID information such as items in a shopping cart while navigating a site, but the only personal information a cookie can contain is information you provide. Your user ID or profile information is not stored in cookies.

How do we use cookie technology? We use it in the aggregate as opposed to using any personally identifiable information, to understand how our users collectively use our Site. This helps us continually improve our Site.

Most web browsers are set to accept cookies, but if you prefer not to receive cookies you can set your browser to warn you or refuse cookies all together by turning them off in your browser.

We may also use non-personal information to analyze data into useful information. This process of data mining is done in the aggregate, is non-personal, and allows Company to find correlations and patterns in the data.

Use of information

With your consent, we use your information to fulfill requests to receive information or materials from us, to carry out services for your benefit and to process applications and requests from you.

We do not use your data for any other purpose than for the purposes listed out in this policy and we do not sell, lend or rent any personal data about you to any third parties.

In reviewing enquiries and applications, mDoc may need to disclose patients' personal data to the mDoc internal teams, consultants, and/or others (as it deems reasonably necessary).

mDoc may contact enquirers by e-mail, with updates on resources including the availability of new datasets, and any additions to its integrated healthcare network. From time to time, mDoc may seek views from patients concerning its portfolio. Responses to such enquiries will be voluntary and any feedback used solely for evaluation purposes. In addition, demographical and statistical information about user behaviour may be collected and used to analyse the popularity and effectiveness of certain services and service providers. Any disclosure of this information will be in aggregate form and will not identify individual users.

Security and information collection

We have well-maintained systems for storing and managing your data, and we commit to conscientiously utilising your data in consonance with the provisions of this policy.

We use account information in a password-protected environment as a security measure to protect your data. We use administrative, physical and technical safeguards to protect data. We maintain a high level of data protection via safeguards such as data backup, audit controls, access controls, and some data encryption. Our Site and the Services use industry standard SSL encryption to enhance security of electronic data transmissions. we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

To ensure the secure transmission of your Personal Data, our website employs Secure Sockets Layer/Transport Layer Security (SSL/TLS), this is evident in the padlock symbol in your URL address bar once you are successfully logged into the platform. The URL address will also begin with https://, the “s” indicating that the page is secure. SSL encrypts communication between two points, such as your computer and the connecting server. Any data sent during the session will be encrypted before being sent and decrypted at the receiving end. This is done to ensure that data cannot be read during transmission.

Our website is scanned on a regular basis for security holes and known vulnerabilities inorder to make your visit to our site as safe as possible. Information which you provide to us will ordinarily be stored on our secure servers. By submitting personal information, you agree to this transfer, storing and processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

We admit however that no website or database is completely secure or “hacker proof” and we only guarantee the safety of your data to the extent of our undertaking all reasonable measures to protect the data.

mDoc will maintain all applicable PCI DSS requirements to the extent that it has access to, or otherwise stores, processes or transmits cardholder data. mDoc is responsible for ensuring the security of your credit card/cardholder data that may be stored, processed, or transmitted on your behalf, in the context of a telehealth visit. mDoc will maintain all applicable PCI DSS requirements to the extent that it has access to, or otherwise stores, processes or transmits cardholder data.

In addition, we urge you to take precautionary measures in maintaining the integrity of your data. Please be responsible in making sure no one can see or has access to your personal account and log-in/password information. If you use a public computer, e.g., at a library or a university, always remember to log out of the Site or Services.

If you use our Site or Services through your employer's computer network or through an internet café, library or other potentially non-secure internet connection, such use is at your own risk. It is your responsibility to check beforehand on your employer's or such other site's privacy and security policy with respect to Internet use.

We are not responsible for your handling, sharing, re-sharing and/or distribution of your personal health information. Moreover, if you forward personal health information electronically to another person on or off the Site or Service, we are not responsible for any harm or other consequences from third party use or re-sharing of your information.

Your rights

You have rights under Nigerian data protection laws in relation to your personal data. It is mDoc's policy to respect your rights and mDoc will act promptly and in accordance with any applicable law, rule or regulation relating to the processing of your personal data.

Details of your rights are set out below:

  1. Right to be informed about how personal data is used: you have a right to be informed about how we will use and share your personal data. This explanation will be provided to you in a concise, transparent, intelligible and easily accessible format and will be written in clear and plain language;
  2. Right to access personal data: you have a right to obtain confirmation of whether we are processing your personal data, access to your personal data and information regarding how your personal data is being used by us;
  3. Right to have inaccurate personal data rectified: you have a right to have any inaccurate or incomplete personal data rectified. If we have disclosed the relevant personal data to any third parties, we will take reasonable steps to inform those third parties of the rectification where possible;
  4. Right to have personal data erased in certain circumstances : you have a right to request that certain personal data held by us is erased. This is not a blanket right to require all personal data to be deleted. We will consider each request carefully in accordance with the requirements of any laws relating to the processing of your personal data;
  5. Right to restrict processing of personal data in certain circumstances: you have a right to block the processing of your personal data in certain circumstances. This right arises if you are disputing the accuracy of personal data, if you have raised an objection to processing, if processing of personal data is unlawful and you oppose erasure and request restriction instead or if the personal data is no longer required by us, but you require the personal data to be retained to establish, exercise or defend a legal claim;
  6. Right to data portability: in certain circumstances you can request to receive a copy of your personal data in a commonly used electronic format. This right only applies to personal data that you have provided to us (for example by completing a form or providing information through a website). Information about you which has been gathered by monitoring your behaviour will also be subject to the right to data portability. The right to data portability only applies if the processing is based on your consent or if the personal data must be processed for the performance of a contract and the processing is carried out by automated means (i.e., electronically);
  7. Right to object to processing of personal data in certain circumstances, including where personal data is used for marketing purposes: you have a right to object to processing being carried out by us if (a) we are processing personal data for the performance of a task in the public interest, (b) if we are using personal data for direct marketing purposes, or (c) if information is being processed for scientific or historical research or statistical purposes. You will be informed that you have a right to object at the point of data collection and the right to object will be explicitly brought to your attention and be presented clearly and separately from any other information.
  8. Right to lodge a complaint with the Commission: if you believe that the processing of your personal data violates data protection law, you also have the right to complain to the data protection supervisory authority.
  9. Right not to be subject to a decision based solely on automated processing of personal data: you have the right to object to solely automated processing of your personal data including profiling, which produces legal or similar significant effects concerning the data subject.

You may exercise any of your rights by contacting our team at info@mymdoc.com and dpo@mymdoc.com. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one calendar month. Occasionally it may take us longer than one calendar month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Data retention and erasure

We generally retain your personal information for as long as is necessary for the purposes we collected it for. To this end, we are committed to maintaining the confidentiality of the personal information.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, and the applicable legal requirements.

You can request to have all your personal information deleted entirely. Please note that if you request the erasure of your personal information, we may retain and use your personal information to the extent necessary to comply with our legal obligations, including but not limited to tax, legal reporting and auditing obligations.

If you would like to know more about the retention periods we apply to your personal data, please contact us at info@mymdoc.com and dpo@mymdoc.com.

Sharing of data/third party sites/trusted relationships

As noted above, the Company is a Business Associate of health care providers under HIPAA and we share information with health care providers who provide services to individuals, and they share information with us, for purposes related to treatment, payment and health care operations, and otherwise as agreed or authorized by you.

We do not sell, trade, or otherwise transfer to outside parties your Personal Data unless we provide users with advance notice. This does not include Website hosting partners and other parties who assist us in operating our website, conducting our business, or serving our users, so long as those parties agree to keep this information confidential. We may also release information when its release is appropriate to comply with the law, enforce our site policies, or protect our rights or the rights of patients.

Our Site contains links to other sites. We do not share your personally identifiable information with those sites (unless you specifically authorize such sharing) and are not responsible for their privacy procedures. We seek to work with trusted partners and organizations that will adhere to similar privacy and ethical standards. However, we encourage you to learn their particular privacy policies.

We disclose personally identifiable information about you as required or permitted by law, including complying with legal process (for example, we may disclose your information as necessary to comply with an authorized civil, criminal or regulatory investigation). We fully cooperate with law enforcement agencies in identifying those who use our services for illegal activities and may, in our sole discretion, disclose personal information or other information to satisfy any law, regulation, subpoena, or government request.

We reserve the right to release personal information or other information about users who we believe are engaged in illegal activities or are otherwise in violation of our Terms of Use, even without a subpoena, warrant or court order, if we believe, in our sole discretion, that such disclosure is necessary or appropriate to operate our web site or to protect our rights or property, or that of our affiliates, or our officers, directors, employees, agents, third-party content providers, suppliers, sponsors, or licensors.

We also reserve the right to report to law enforcement agencies any activities we reasonably believe in our sole discretion to be unlawful. If we are legally compelled to disclose information about you to a third party, we will attempt to notify you by sending an email to the email address in our records unless doing so would violate the law or unless you have not provided your email address to us.

Children

By consenting to this policy, you are assumed to be of legal age for the purpose of using this website within the relevant country from where you access this website. This website is not intended for children, and we do not knowingly collect data relating to children except where provided by their legal guardians.

Changes to this privacy policy

We may amend our Privacy Policy in the future. In the event changes are made, we will be sure to post changes at the Site and at other places we deem appropriate.

Right to lodge a complaint with the regulator

You have the right to lodge a complaint with the National Data Protection Commission (NDPC) if you believe that we have violated your rights under the Nigeria Data Protection Regulation (NDPR) or if you are dissatisfied with our handling of your personal data.

You can contact the NDPC at:

  • National Data Protection Commission
  • 12 Dr. Clement Isong, Asokoro, Street 900103, Federal Capital Territory

We will cooperate fully with the NDPC in investigating and resolving any complaints, and we will take all necessary steps to remedy any issues that are identified.

Questions or suggestions

If you have any questions or complaints about this Privacy Policy or mDoc's information handling practices, you may email us at: info@mymdoc.com and dpo@mymdoc.com or contact us at:

  • mDoc Healthcare Ltd
  • 1A Hakeem Dickson Drive
  • Off T.F. Kuboye Street,
  • Lekki Phase 1, Lagos, Nigeria.
  • Phone: +234 817 834 8579.
...