Introduction

Scope of this privacy policy

Please note that this Privacy Policy applies to the mDoc main web pages (i.e., those in https://www.mymdoc.com/ ) and generally to the business of mDoc. If you follow a link to any other website, please check to confirm their policies before you submit any personal information to those websites.

Guiding principles

mDoc is committed to maintaining the principles in the Nigeria Data Protection Act 2023 (NDPA) and the Nigerian Data Protection Regulation (NDPR) regarding the processing of Personal Data.

The collection and processing of your Personal Data shall be in accordance with the legitimate and lawful purpose consented to and shall only be stored for the period, which is reasonably required, provided also that your Personal Data shall be adequately secured against foreseeable hazards within our contemplation.

To demonstrate this commitment as well as our aim of creating a positive privacy culture within mDoc, mDoc adheres to the following basic principles relating to the processing of Personal Data: lawfulness, fairness and transparency; data accuracy; purpose limitation; data minimization; storage limitation; integrity and confidentiality; and accountability.

What type of information do we collect?

The type of information we collect is Personal Data. Personal Data refers to any piece of information that relates to an identified or identifiable living individual or pieces of information, which if collated together can lead to the identification of an individual person.

Personal Data includes data such as email address, phone number, full name, account details, home address, school history, driver's license number, bank account number, passport number etc pertaining to a natural person. It does not include data provided anonymously.

The type of personal data we may collect are as follows:

The Site can be visited without revealing any personal information. However, when registering your details on the Website to enable us better assist you as appropriate, you may be asked to enter personal contact information and/or your company contact information such as your name, email address, mailing address, phone number, or other details to help you with your experience. Where required mDoc will use this information to reply to your inquiries, to provide you with requested services, and to contact you regarding new services.

We may also collect information about your computer system, including where available your IP address, for system administration and to report aggregate information to our webmasters. This is statistical data about our users' browsing actions and patterns which does not identify any individual and allows us to ensure that content from our site is presented in the most effective manner for you and for your computer.

We will only collect information that you voluntarily submit. We know that privacy is of the utmost importance. We vigorously believe in keeping confidential any and all personally identifiable information that identifies an individual whether or not it relates to an individual's past, present, or future physical or mental health condition.

Why we collect Data?

We collect data to enable us process requests or applications which you make, or which are made on your behalf with your consent and to provide you with our services.

We collect data to be able to respond to questions or requests which you submit as well as anticipate and resolve problems with any services we offer to you.

We collect information for the purposes of providing the Services, marketing and promoting our Services to you and for market research data.

We and our partners may also collect personally identifiable information for marketing, user experience monitoring and improvement and related business purposes.

We maintain web logs to record data about all visitors who use this site and interact with the Services, and we will store this information. These logs may contain IP address information, types of operating system you use, the date and time you visited the site, and information about the type of device you use to connect to the Services.

All Web logs are stored securely and are accessible to a very limited number of employees and contractors, who have to adhere to strict guidelines regarding user data security and privacy.

Consent

By using our website (or by ticking the consent box below) you agree to the terms of this Privacy Policy, as to allow us to utilise your data to service you more accurately.

It is important that you read this Privacy Policy together with any other policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Privacy Policy complements other notices and policies and is not intended to override them.

By accessing the services of mDoc and voluntarily providing us with the requested personal information, you consent to the collection and use of the information in accordance with this Privacy Policy. Your consent can be withdrawn at any time by sending a request to that effect to this email: info@mymdoc.com and dpo@mymdoc.com. If you do not consent to the collection, use or disclosure of your personal information as outlined in this policy, please do not provide any personal information to mDoc.

Non-personal identification/cookies technology

What is a cookie? A cookie is a small data file that certain web sites write to your hard drive when you visit them. A cookie file, for instance, may collect user ID information such as items in a shopping cart while navigating a site, but the only personal information a cookie can contain is information you provide. Your user ID or profile information is not stored in cookies.

How do we use cookie technology? We use it in the aggregate as opposed to using any personally identifiable information, to understand how our users collectively use our Site. This helps us continually improve our Site.

Most web browsers are set to accept cookies, but if you prefer not to receive cookies you can set your browser to warn you or refuse cookies all together by turning them off in your browser.

We may also use non-personal information to analyze data into useful information. This process of data mining is done in the aggregate, is non-personal, and allows Company to find correlations and patterns in the data.

Use of information

With your consent, we use your information to fulfill requests to receive information or materials from us, to carry out services for your benefit and to process applications and requests from you.

We do not use your data for any other purpose than for the purposes listed out in this policy and we do not sell, lend or rent any personal data about you to any third parties.

In reviewing enquiries and applications, mDoc may need to disclose patients' personal data to the mDoc internal teams, consultants, and/or others (as it deems reasonably necessary).

mDoc may contact enquirers by e-mail, with updates on resources including the availability of new datasets, and any additions to its integrated healthcare network. From time to time, mDoc may seek views from patients concerning its portfolio. Responses to such enquiries will be voluntary and any feedback used solely for evaluation purposes. In addition, demographical and statistical information about user behaviour may be collected and used to analyse the popularity and effectiveness of certain services and service providers. Any disclosure of this information will be in aggregate form and will not identify individual users.

Security and information collection

We have well-maintained systems for storing and managing your data, and we commit to conscientiously utilising your data in consonance with the provisions of this policy.

We use account information in a password-protected environment as a security measure to protect your data. We use administrative, physical and technical safeguards to protect data. We maintain a high level of data protection via safeguards such as data backup, audit controls, access controls, and some data encryption. Our Site and the Services use industry standard SSL encryption to enhance security of electronic data transmissions. we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

To ensure the secure transmission of your Personal Data, our website employs Secure Sockets Layer/Transport Layer Security (SSL/TLS), this is evident in the padlock symbol in your URL address bar once you are successfully logged into the platform. The URL address will also begin with https://, the “s” indicating that the page is secure. SSL encrypts communication between two points, such as your computer and the connecting server. Any data sent during the session will be encrypted before being sent and decrypted at the receiving end. This is done to ensure that data cannot be read during transmission.

Our website is scanned on a regular basis for security holes and known vulnerabilities inorder to make your visit to our site as safe as possible. Information which you provide to us will ordinarily be stored on our secure servers. By submitting personal information, you agree to this transfer, storing and processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

We admit however that no website or database is completely secure or “hacker proof” and we only guarantee the safety of your data to the extent of our undertaking all reasonable measures to protect the data.

mDoc will maintain all applicable PCI DSS requirements to the extent that it has access to, or otherwise stores, processes or transmits cardholder data. mDoc is responsible for ensuring the security of your credit card/cardholder data that may be stored, processed, or transmitted on your behalf, in the context of a telehealth visit. mDoc will maintain all applicable PCI DSS requirements to the extent that it has access to, or otherwise stores, processes or transmits cardholder data.

In addition, we urge you to take precautionary measures in maintaining the integrity of your data. Please be responsible in making sure no one can see or has access to your personal account and log-in/password information. If you use a public computer, e.g., at a library or a university, always remember to log out of the Site or Services.

If you use our Site or Services through your employer's computer network or through an internet café, library or other potentially non-secure internet connection, such use is at your own risk. It is your responsibility to check beforehand on your employer's or such other site's privacy and security policy with respect to Internet use.

We are not responsible for your handling, sharing, re-sharing and/or distribution of your personal health information. Moreover, if you forward personal health information electronically to another person on or off the Site or Service, we are not responsible for any harm or other consequences from third party use or re-sharing of your information.

Your rights

You have rights under Nigerian data protection laws in relation to your personal data. It is mDoc's policy to respect your rights and mDoc will act promptly and in accordance with any applicable law, rule or regulation relating to the processing of your personal data.

Details of your rights are set out below:

You may exercise any of your rights by contacting our team at info@mymdoc.com and dpo@mymdoc.com. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one calendar month. Occasionally it may take us longer than one calendar month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Data retention and erasure

We generally retain your personal information for as long as is necessary for the purposes we collected it for. To this end, we are committed to maintaining the confidentiality of the personal information.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, and the applicable legal requirements.

You can request to have all your personal information deleted entirely. Please note that if you request the erasure of your personal information, we may retain and use your personal information to the extent necessary to comply with our legal obligations, including but not limited to tax, legal reporting and auditing obligations.

If you would like to know more about the retention periods we apply to your personal data, please contact us at info@mymdoc.com and dpo@mymdoc.com.

Sharing of data/third party sites/trusted relationships

As noted above, the Company is a Business Associate of health care providers under HIPAA and we share information with health care providers who provide services to individuals, and they share information with us, for purposes related to treatment, payment and health care operations, and otherwise as agreed or authorized by you.

We do not sell, trade, or otherwise transfer to outside parties your Personal Data unless we provide users with advance notice. This does not include Website hosting partners and other parties who assist us in operating our website, conducting our business, or serving our users, so long as those parties agree to keep this information confidential. We may also release information when its release is appropriate to comply with the law, enforce our site policies, or protect our rights or the rights of patients.

Our Site contains links to other sites. We do not share your personally identifiable information with those sites (unless you specifically authorize such sharing) and are not responsible for their privacy procedures. We seek to work with trusted partners and organizations that will adhere to similar privacy and ethical standards. However, we encourage you to learn their particular privacy policies.

We disclose personally identifiable information about you as required or permitted by law, including complying with legal process (for example, we may disclose your information as necessary to comply with an authorized civil, criminal or regulatory investigation). We fully cooperate with law enforcement agencies in identifying those who use our services for illegal activities and may, in our sole discretion, disclose personal information or other information to satisfy any law, regulation, subpoena, or government request.

We reserve the right to release personal information or other information about users who we believe are engaged in illegal activities or are otherwise in violation of our Terms of Use, even without a subpoena, warrant or court order, if we believe, in our sole discretion, that such disclosure is necessary or appropriate to operate our web site or to protect our rights or property, or that of our affiliates, or our officers, directors, employees, agents, third-party content providers, suppliers, sponsors, or licensors.

We also reserve the right to report to law enforcement agencies any activities we reasonably believe in our sole discretion to be unlawful. If we are legally compelled to disclose information about you to a third party, we will attempt to notify you by sending an email to the email address in our records unless doing so would violate the law or unless you have not provided your email address to us.

Children

By consenting to this policy, you are assumed to be of legal age for the purpose of using this website within the relevant country from where you access this website. This website is not intended for children, and we do not knowingly collect data relating to children except where provided by their legal guardians.

Changes to this privacy policy

We may amend our Privacy Policy in the future. In the event changes are made, we will be sure to post changes at the Site and at other places we deem appropriate.We may amend our Privacy Policy in the future. In the event changes are made, we will be sure to post changes at the Site and at other places we deem appropriate.

Right to lodge a complaint with the regulator

You have the right to lodge a complaint with the National Data Protection Commission (NDPC) if you believe that we have violated your rights under the Nigeria Data Protection Regulation (NDPR) or if you are dissatisfied with our handling of your personal data.

You can contact the NDPC at:

• National Data Protection Commission
• 12 Dr. Clement Isong, Asokoro, Street 900103, Federal Capital Territory

We will cooperate fully with the NDPC in investigating and resolving any complaints, and we will take all necessary steps to remedy any issues that are identified.

Questions or suggestions

If you have any questions or complaints about this Privacy Policy or mDoc's information handling practices, you may email us at: info@mymdoc.com and dpo@mymdoc.com or contact us at:

• mDoc Healthcare Ltd
• 1A Hakeem Dickson Drive
• Off T.F. Kuboye Street,
• Lekki Phase 1, Lagos, Nigeria.
• Phone: +234 817 834 8579.