INTRODUCTION
MOTHER AND CHILD HOSPITALS LIMITED (‘’Mother and Child Hospitals” or “Us” or “We”) needs to gather and use certain personal data to fulfill its obligations to you (“User”). We respect the trust you place in us when providing us with your data, and we are completely committed to preserving, protecting, and safeguarding your rights in accordance with the applicable principles of data privacy.
This Privacy Policy outlines the information we collect from you, why we collect such data, how we use the data, how you can control the data and how we manage, store, protect, share, retain or delete your data.
WHAT IS PERSONAL DATA?
Personal Data means any information in any form that pertains to an individual which can be used to identify such an individual. Personal Data does not include publicly available information, anonymous or non-personal data.
WHAT PERSONAL DATA DO WE COLLECT & PROCESS?
We collect and maintain personal information on this website in various forms to administer care or for pre-contractual measures. You can choose to submit personal data, including Biodata (such as name, address, email, telephone number, date of birth, emergency contact, HMO number), nationality, marital status, occupation and health information.
Other types of data we process:
a) When you visit the website
When you visit our website, certain information is automatically sent by the browser used on your device to our website servers. This information is stored temporarily in what is called a log file. The following information may be collected during this process without any action on your part: IP address of the requesting computer and location based on this, Date and time of access, Name and URL of the requested file, Website from which access is obtained (Referrer URL), Browser used and, where applicable, your computer’s operating system and the identity of your access provide. We also use cookies, analysis services and social media plugins when you visit our website.
The specified data are processed by us and our website partners to ensure that the website can establish a connection smoothly, ensure that our website is easy to use, analyze system security and stability, as well as for additional administrative purposes.
b) When you subscribe to our newsletter
We may use your name and e-mail address to send you our newsletter if you have provided your express consent. Stating an e-mail address is sufficient for receiving the newsletter.
You can unsubscribe at any time by using the link at the end of each newsletter or by contacting us using the contact details provided for you to contact us or the Data Protection Officer.
c) When you use our contact form, inquire about a service or book an appointment
We offer you the possibility to contact us via a contact form provided on the website. A valid e-mail address is required for this so that we know who the inquiry is coming from and can respond to it. You may provide additional information on a voluntary basis.
WHERE DO WE GET YOUR DATA?
As a general rule, Mother and Child Hospitals collects Personal Data directly from you. In most circumstances where the Personal Data that we collect about you is held by a third party, we will obtain your permission before we seek out this information from such sources (such permission may be given directly by you or implied from your actions).
From time to time, we may utilize the services of third parties and may also receive Personal Data collected by those third parties during the performance of their services for us or otherwise. Where this is the case, we will take reasonable steps to ensure that such third parties have the right to disclose your Personal Data to us.
We may collect information about you without your knowledge or consent where permitted or required by applicable law or regulatory requirements.
DATA MINIMISATION
Mother and Child Hospitals would only collect such personal data which it directly requires for carrying out its business, fulfilling its obligations or for any other purpose noted in this Privacy Policy.
You are at liberty to request information about any data requested of you to ensure that it is limited to what is required.
DATA SHARING
Mother and Child Hospitals is responsible for the management of your data during such data transfers and shall ensure that maximum security is ensured for the safety of your data.
We may share your Personal Data with third parties such as employees, vendors, contractors, partners, consultants and other parties who require such data to assist us in administering care, or for the purpose of carrying on our business. When we share Personal Data with such third parties, we require that they only use or disclose such data in a manner consistent with the use and disclosure provisions of this Privacy Policy.
We may share Personal Data with such parties in and/or outside Nigeria, and as a result, your personal data may be collected, used, processed, stored, or disclosed in other countries. We only transfer data to an entity in another country where permitted under the Nigeria Data Protection Act and the Nigeria Data Protection Regulation and only to countries with an adequate level of data protection. Where we are required to share your data with a country not listed by NDPC NITDA as having adequate levels of protection for personal, we will only do so with your consent. We do not sell your personal data to third parties.
Where we are required to share data with a third party, we expect that they comply with all relevant requirements of all applicable data protection legislation, including all statutes, existing instruments, common law, regulations, directives, codes of practice, decisions, recommendations, and the like (whether in Nigeria or any other relevant jurisdiction) with which the Company is legally obliged to comply, concerning the protection and/or processing of Personal Data which may be provided by Mother and Child Hospitals.
Mother and Child Hospitals disclaims any transfer of liability or claim of shared liability from the third parties, for data breaches or infringement of the privacy rights of any data subject caused by the failure of the third party to undertake any of their responsibilities under the applicable data protection legislation and under this Agreement.
In the event that personal data is shared by one Party with the other Party in the course of performing any obligations under this Agreement, the disclosing Party shall ensure that it has all necessary consents and notices in place to enable lawful transfer of the Personal Data to the receiving party for the duration and purpose of this agreement.
NOTIFICATION AND CONSENT
We require your consent for the collection, use or disclosure of Personal Data for the purpose of administering care or to carry out pre, intra or post contractual measures. Wherever we request for your personal information, your consent will be requested for in a clear manner and your agreement will be indicated expressly by your signature or impliedly by ticking a designated box or other similar modes to show your consent or in any other implied manner in accordance with the relevant Nigerian data protection laws and regulations.
As provided under the law, you may withdraw your consent from our collection, use or disclosure of your Personal Data, at any time, subject to legal or contractual restrictions and reasonable notice. All communications with respect to such withdrawal of consent should be in writing and addressed to the Data Protection Officer as indicated in Clause 18 of this Privacy Policy.
DATA SECURITY
Mother and Child Hospitals endeavours to maintain physical, technical, and procedural safeguards that are appropriate to the sensitivity of Personal Data. These safeguards are designed to protect your Personal Data from loss and unauthorized access, copying, use, modification, or disclosure. Despite these safeguards, we understand that no system of data security is fully and absolutely secure and will inform you of a breach to your Personal Data as may be required by Law should any occur despite our best efforts.
As a User, you are also responsible for ensuring personal data is kept securely and accessible only to those who need to use it. Appropriate security measures should be taken to prevent accidental loss of, or damage to, personal data. This may include the use or change of passwords, cache and cookie clearing.
DATA RETENTION
Except as otherwise permitted or required by applicable law or regulatory requirements, Mother and Child Hospitals endeavours to retain your Personal Data only for as long as it believes is necessary to fulfil the purposes for which the Personal Data was collected (including, for the purpose of meeting any legal, accounting, or other reporting requirements or obligations).
DATA ACCURACY
It is important that the information contained in our records is both accurate and current. If your Personal Data changes at any time, please keep us informed of such changes. You can do this by contacting [insert the contact details of the Company’s Data Protection Officer (DPO).
ACCESS TO YOUR PERSONAL DATA AND DELETION OF YOUR PERSONAL DATA
Mother and Child Hospitals recognizes that you can request access to your personal data or rectification/deletion of personal data that we hold about you. To make such a request, please contact the designated Data Protection Officer using the contact information below. Please note that any such communication must be in writing. In your request, please make clear what specific Personal Data you would like to have accessed, rectified, or deleted.
When requesting access, rectification, or deletion of your personal data, please note that we may request specific information from you to confirm and record your intention. If you require assistance in preparing your request, please contact the office of the designated Data Protection Officer.
Your right to access, rectify, or delete the Personal Data that we hold about you is not absolute. There are instances where applicable law or regulatory requirements allow or require us to refuse your request. In addition, the Personal Data may have been destroyed, erased, or made anonymous in accordance with our record retention obligations and practices.
If we cannot provide you with access to, or rectification or deletion of your Personal Data, we will endeavour to inform you of the reasons why, subject to any legal or regulatory restrictions. We will not persecute you in any way for exercising any of your rights described under this heading.
Your Rights as a Data Subject
You have rights under data protection laws in relation to your personal data. It is Mother and Child Hospital’s policy to respect your rights, and Mother and Child will act promptly and in accordance with any applicable law, rule, or regulation relating to the processing of your personal data.
Details of your rights are set out below:
• Right to be informed about how personal data is used – you have a right to be informed about how we will use and share your personal data. This explanation will be provided to you in a concise, transparent, intelligible, and easily accessible format and will be written in clear and plain language;
• Right to access personal data – you have a right to obtain confirmation of whether we are processing your personal data, access to your personal data, and information regarding how your personal data is being used, shared, and retained by us;
• Right to have inaccurate personal data rectified – you have a right to have any inaccurate or incomplete personal data rectified. If we have disclosed the relevant personal data to any third parties, we will take reasonable steps to inform those third parties of the rectification where possible;
• Right to have personal data erased in certain circumstances – you have a right to request that certain personal data held by us is erased. This is not a blanket right to require all personal data to be deleted. We will consider each request carefully in accordance with the requirements of any laws relating to the processing of your personal data;
• Right to restrict processing of personal data in certain circumstances – you have a right to block the processing of your personal data in certain circumstances. This right arises if you are disputing the accuracy of personal data, if you have raised an objection to processing, if the processing of personal data is unlawful and you oppose erasure and request restriction instead, or if the personal data is no longer required by us, but you require the personal data to be retained to establish, exercise or defend a legal claim.
• Right to data portability – in certain circumstances you can request to receive a copy of your personal data in a commonly used electronic format. This right only applies to personal data that you have provided to us (for example by completing a form or providing information through our website). Information about you that has been gathered by monitoring your behaviour will also be subject to the right to data portability. The right to data portability only applies if the processing is based on your consent or if the personal data must be processed for the performance of a contract and the processing is carried out by automated means (i.e., electronically);
• Right to object to the processing of personal data in certain circumstances, including where personal data is used for marketing purposes – you have a right to object to processing being carried out by us if (a) we are processing personal data for the performance of a task in the public interest, (b) we are using personal data for direct marketing purposes, or (c) information is being processed for scientific or historical research or statistical purposes. (d) you are subjected to decision-making based on an automated process;
• Right to restrict processing of data – you have the right to restrict the processing of data pending the resolution of a request made by you, an objection by you, the establishment, exercise, or defense of a legal claim;
• Right to lodge a complaint with the Nigerian Data Protection Commission (the Commission).
You will be informed that you have a right to object at the point of data collection and the right to object will be explicitly brought to your attention and be presented clearly and separately from any other information.
You may exercise any of your rights by contacting the Data Protection Officer. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may refuse to comply with your request if the request is clearly unfounded, repetitive, or excessive.
INQUIRIES OR CONCERNS
If you have any questions about this Privacy Policy or concerns about how we manage your Personal Data, or you intend to exercise your privacy rights, please contact the office of our Data Protection Officer in writing, or by e-mail. We will endeavour to answer your questions and advise you of any steps taken to address the issues raised by you.
CONTACT US
Mother and Child Hospitals has a designated Data Protection Officer charged with overseeing compliance with this Privacy Policy. For correspondence, please email info@motherandchildhospital. If you have any questions, suggestions or concerns about our use of your personal data or this Privacy Policy, please contact us at 2 Ogunnusi Road, Ojodu, Lagos State, Nigeria.
UPDATES TO PRIVACY POLICY
Mother and Child Hospitals may change this Privacy Policy from time to time to reflect changes in its legal or regulatory obligations or in the way we handle your Personal Data. We will communicate any revised version of this Privacy Policy.
CONSENT
By engaging with this website, you show that you have read and understood this Privacy Policy and consent to the terms contained in this policy.