Data privacy policy

Background

The surge in the use of information technology necessitated by the need for movement, collection, processing and storage of private data for socio-economic purposes has led to numerous privacy issues. In a bid to protect the rights of individuals and corporate entities to data privacy, a global regime to protect data and the digital economy is now in place to protect data privacy across different stratifications of the global economy.

Therefore, as part of the global economy, the Healthcare Industry is not left out of the need to ensure the privacy and protection of personal information of customers collected, processed, and stored. Hence, the need for the provision of a data privacy policy to institutionalize processes and procedures by which personal information of individual customers, are collected, processed and stored cannot be over-emphasized. More importantly, providing for the rights and protection of customers where their information is shared with our consultants, third party vendors, and partners, in the course of onboarding or rendering services to them.

This Policy is a formal acknowledgment that R-Jolad Hospital Limited is committed to the protection of the rights and privacy of its customers, in accordance with the Nigeria Data Protection Regulation, 2019.

 

R-Jolad Data Privacy Policy

R-Jolad Hospital Limited (hereafter referred to as R-Jolad) takes its customers’ privacy very seriously. This Data Privacy Policy stipulates the basis for the collection, use and disclosure of personal data by R-Jolad in line with the Nigerian Data Privacy Regulation. Personal Data comprises all the details the Company holds or collect on its employees, customers, stakeholders vendors and other interested parties, directly or indirectly, and includes any offline or online data that makes a person identifiable, such as, names, addresses, phone number, passport ID, usernames, passwords, digital footprints, photographs and financial data.

These data may be received from third parties or collected using our website(s), mobile app, and other digital channels.

With this policy, we will ensure that we collect, store and handle data fairly, transparently, and with respect towards individual rights.

 

Scope of this Policy

This Privacy Policy applies to all our customers and beneficiaries, clients, third-party vendors, agents, outsourcing firms, as well as other stakeholders whom we collect personal data from or instruct to collect and process personal data on our behalf.

It is therefore our responsibility as a company to bring this policy to the attention of all interested parties and stakeholders that provides us with their personal data. By providing your personal information or data, you acknowledge that we may use it only in the ways set out in this Privacy Policy. We may provide you with further notices highlighting certain uses we wish to make of your personal information.

From time to time, we may need to make changes to this privacy policy, for example, as a result of changes in government regulations and policies, new technologies, or other developments in data protection laws or privacy generally.

You should check the R-Jolad’s website periodically to view the most up-to-date privacy policy.

Our Privacy Principles:

• Personal information you provide is processed fairly, lawfully, and in a transparent manner.
• Personal information you provide is collected for a specific purpose and is not processed in a way incompatible with the purpose for which R-Jolad collected it.
• Your personal information is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.
• Your personal information is kept accurate and, where necessary kept up to date.
• Your personal information is kept no longer than is necessary for the purposes for which the personal information is processed.
• We will take appropriate steps to keep your personal information secure.
• Your personal information is processed in accordance with your rights.
• We will only transfer your personal information to another country or an international organisation, where we have taken the required steps to ensure that your personal information is protected. Such steps may include placing the party we are transferring information to under contractual obligations to protect it to adequate standards.
• R-Jolad will not sell your personal information and will also not permit the selling of customer data by any companies who provide a service to us.

How do we collect your personal information?

We collect personal information directly from you:

• Via enquiry, registration form, benefits, feedback forms, and other very important documents forwarded to you to provide us with your personal details;
• When you fill out a survey, or vote in a poll on our website; Through application forms;
• Via our telephone calls with you, which may be recorded;
• When you provide your details to us either online or offline;
• Via live chat, chat box and profilers;
• Through web analytics tags.

We also collect your personal information from several different sources including third parties like:

• Third parties who assist us in checking your details and information when processing benefits entitlements for payment;
• Third parties such as companies who provide consumer classification for marketing purposes; e.g. market segmentation data;
• Contractors, partners, vendors and consultancy firms we have engaged with requisite contractual obligation to collect personal data of customers in line with this policy;

Our Legitimate Basis  for processing your personal data
Set out below is a description of the ways we intend to use your personal data and the legal grounds on which we will process such data. We have also explained what our legitimate interests are where relevant.
We may process your personal data for more than one lawful ground, depending on the specific purpose for which we are using your data. 

Purpose/Activity  Lawful basis for processing  
To register you as a new customer  (a)Performance of a contract with you and
 (b) your consent  
To manage our relationship with you which will include: 
(a) Notifying you about changes to our terms or privacy policy
(b) Asking you to leave a review or take a survey (a) Performance of a contract with you
 (b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests to keep our records updated and to study how customers use our products/services 
(d) your consent
To administer and protect our business and our site (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)  (a) Necessary for our legitimate interests for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise 
(b) Necessary to comply with a legal obligation 
To deliver relevant content and advertisements to you and measure and understand the effectiveness of our advertising  Necessary for our legitimate interests to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy  

 

What personal information do we collect?

As a licensed healthcare service provider, we collect the following information relating to your personal data via the Registration Form and other relevant documents.

Where R-Jolad is the data controller of your personal information, we may collect the following about you:

• Personal information – contact details such as name, email address, residential address and telephone number;
• Identification information such as your date of birth, national identity number or NIMC number, bank verification number (BVN), and other identification numbers on your passport, driving license and other valid means of identification;
• Financial information; such as, bank details;
• Information relevant to your registration with us during the onboarding process;
• Corporate information such as company name, certificate of incorporation, nature of business, registered address of company, etc;
• Sensitive personal information such as religious affiliation and marital status.
• Medical records and history

 

Privacy of Children

We respect the privacy of children. We do not knowingly collect names, email addresses or any other personally identifiable information from children, except where this is required to register them as dependents in relation to our customer. However, registration of children below the age of 18 years for the purpose of eligibility to access healthcare services can only be done through an elected guardian.

How do we use your personal information?

Under data protection laws, we need a reason to use and process your personal information and this is called a legal ground. We have set out below the main reasons why we process your personal information and the applicable circumstances when we will do so:

• Processing of your information or personal data is necessary in order to establish a data base of our customers for us to provide a seamless administration of healthcare;
• To easily communicate with you with respect to our operations;
• We may use Cloud storage solutions within or outside Nigeria, which are chosen to ensure efficiency and improved performance through up-to-date technology;
• Where we have a legal or regulatory obligation to use such personal information, for example, when our regulators, such as, Economic and Financial Crimes Commission(EFCC), Nigeria Financial Intelligence Unit (NFIU) and our data protection regulator, the National Information Technology Development Agency (NITDA), require us to maintain certain records of any dealings with you;
• Where we need to use your personal information to establish, exercise or defend our legal rights; for example, when we are faced with any legal claims, or where we want to pursue any legal claims ourselves;
• Where we need to use your personal information for reasons of substantial public interest, such as investigating medical malpractice and carrying out fraud, credit and anti-money laundering checks, identification checks;
• Where we need to communicate with you to resolve complaints or other issues;
• Where you have provided your consent to our use of your personal information;
• We will usually only ask for your consent in relation to processing your sensitive personal information. This will be made clear when you provide your personal information. If we ask for your consent, we will explain why it is necessary;
• Where you provide sensitive personal information about a third party, we may ask you to confirm that the third party has provided his or her consent for you to act on their behalf;
• Where we have appropriate legitimate business need to use your personal information such as maintaining our business records, developing and improving our products and services, all whilst ensuring that such business need does not interfere with your rights and freedoms and does not cause you any harm.

 

Whom do we share your personal information with?

We will not share any of your personal information other than for the purpose described in this Privacy Policy.

 

Disclosures to third parties.

We may also disclose your information to the third parties listed below for the purposes described in this Privacy Policy. This might include:

• Your relatives or, guardians (on your behalf where you are incapacitated or unable to function or act) or other people or organizations associated with you, such as, your lawyer;
• Fraud detection agencies and other third parties who operate and maintain fraud detection registers;
• The police and other third parties or law enforcement agencies, where it is reasonably necessary for the prevention or detection of crime;
• For the purpose of providing customer information for the establishment of a rich healthcare industry database;
• Our third-party service providers such as IT suppliers, actuaries, auditors, lawyers, marketing agencies and tax advisers;
• Other suppliers, providers of goods and services associated with the full implementation of our operational objectives as a healthcare service providers;
• Customer satisfaction survey providers;
• Financial organisations and advisers;
• Disclosure of your personal information to a third party will only be made where the third party has agreed to keep your information strictly confidential and shall only be used for the specific purpose for which we provide it to them.

We may also disclose your personal information to other third parties where:

• We are required or permitted to do so by law or by regulatory bodies, such as, where there is a court order or statutory obligation;
• We believe that such disclosure is necessary in order to assist in the prevention or detection of any criminal action (including fraud) or is otherwise in the overriding public interest;
• Exemptions under the data protection legislation allow us to do so.

Where we make a transfer of your personal information outside of Nigeria, in all cases where personal data is transferred to a country which is deemed not to have the same standards of protection for personal data as Nigeria, R-Jolad will ensure appropriate safeguards have been implemented to ensure that your personal information is protected where standards are not the same or similar to those standards within Nigeria. Such steps may include placing the party we are transferring personal information to under contractual obligations to protect it to adequate standards.

 

How long do we keep records for?

We keep your personal information for as long as reasonably necessary to fulfil the relevant purposes set out in this Privacy Policy and in order to comply with our legal and regulatory obligations. The length of time we retain personal information for depends on the purposes for which we collect and use it and/or as required to comply with applicable laws and to establish, exercise or defend our legal rights.

 

Customer’s Rights

You can ask us to do various things with your personal information. For example, at any time, you can ask us for a copy of your personal information, ask us to correct mistakes, change the way we use your information, or even delete it. We will do either what you have asked or explain why we cannot – usually because of a legal or regulatory issue.

You have the following rights in relation to our use of your personal information

• The right to access your personal information: You are entitled to a copy of the personal information we hold about you and certain details of how we use it. Your personal information will usually be provided to you in writing, unless otherwise requested.

• The right to rectification: We take reasonable steps to ensure that the personal information we hold about you is accurate and complete. However, if you do not believe this is the case, please contact us by using the details shown in your documentation and you can ask us to update or amend it.

• The right to erasure: In certain circumstances, you have the right to ask us to erase your personal information, for example, where the personal information we collected is no longer necessary for the original purpose or where you withdraw your consent. However, this will need to be balanced against other factors; for example, according to the type of personal information we hold about you and why we have collected it, there may be some legal and regulatory obligations which mean we cannot comply with your request.

• Right to restriction of processing: In certain circumstances, you are entitled to ask us to stop using your personal information, for example, where you think that the personal information we hold about you may be inaccurate or where you think that we no longer need to process your personal information.

• Right to data portability: In certain circumstances, you have the right to ask that we transfer any personal information that you have provided to us to another third party of your choice. Once transferred, the other party will be responsible for looking after your personal information.

• The right to withdraw consent: For certain use of your personal information, we will ask for your consent. Where we do this, you have the right to withdraw your consent to further use of your personal information.

From time to time, we may run specific marketing campaigns through social media and digital advertising that you may see, which are based on general demographics and interests. Individual personal information is not used for these campaigns. If you do not want to see any campaigns, then you will need to adjust your preferences within social media settings and your cookie browser settings.

If you do not want to receive such promotional materials from us, you can opt out at any time by sending an email to wecare@rjolad.com

 

Our Contact Information:

If you would like any more information about the way we use your information, or if you wish to exercise the rights listed above, please contact us using the details below:

 

Abiodun Bright

The Data Protection Officer,

R-Jolad Hospital Nigeria Limited,

1 Akindele Street, New Garage, Gbagada, Lagos. 

Email: abiodun.bright@rjolad.com 

Website: www.rjolad.com

 

You have a right to complain to the Information Regulator if you think that your information has been misused. The contact details are:

National Information Technology Development Agency (NITDA)

Tel: +234929220263, +2348168401851, +2347052420189 Website: www.nitda.gov.ng