PLEASE READ THIS POLICY CAREFULLY BEFORE ACCESSING OR USING THE SERVICES.

Introduction:

This Privacy Policy describes how SH:24, a UK-based digital sexual and reproductive healthcare organisation incorporated and registered in England and Wales with company registration number 08737119 and registered office at 35a, Westminster Bridge Road, London, SE1 7JB, and its affiliates, parents, and subsidiaries (collectively, “SH:24”, “Our” or “Us”) gathers, uses and stores personal data submitted on our Platform. It also describes the choices available to you regarding our administration of your personal data and how you can access, update and ensure the deletion of this data.

SH:24 has identified this policy as a necessary tool for ensuring that privacy rights are protected at the collection, processing, operation and management of the Data. To this end, SH:24 is committed to safeguarding your privacy by:

  1. Ensuring the security of information or data collected and held in its Database.
  1. Guarding against unauthorized disclosures.
  1. Ensuring that usage of such information or data is limited to only those purposes provided by this policy and by the Nigerian Data Protection Laws and regulations.
  1. Ensuring that disclosure and/or use is preceded by your consent before or during access.

DATA WE MAY COLLECT FROM YOU

If you contact us or request our service you will be asked to provide certain Personally Identifiable Information – PII (such as your name, date of birth, sex, mobile/telephone number, email address, physical delivery address etc) and health status information such as information about your physical health including your medical history and/or current health status, including but not limited to sexual history and data regarding test results. If you decide to provide PII, you are telling us that this information is both true and accurate, and that you are authorized to provide it to us.

We collect standard information about our platform users such as IP addresses, browser type, operating systems, what you searched for, referring and exit pages and times of visits, and other site usage behavior (“Site Visitation Data”). Site Visitation Data is used to administer the site and provide general statistics regarding the use of our Platform.

To help improve our site and services, we may collect certain technical information from your browser software. This may include Internet Protocol (IP) Address, your login data, browser type and password, time zone setting and location, browser plug-in types and versions, operating system and platform, as well as other technologies on the devices used to access the site.

HOW WE WILL COLLECT YOUR DATA

Diverse methods are deployed in the collation of your data, including through:

Direct Interactions

All forms of your Data can be collected through the filling of forms on our platform, corresponding with us via phone call, e-mail, WhatsApp direct messaging or otherwise. For our forums/interactive services, you may give us basic identity and contact data if joining via Facebook, Google or Twitter. This includes personal data you provide when you:

  • Register to use our Site.
  • Post, interact or comment on our Site.
  • Request our products or service.
  • Give us some feedback.

Automated technologies or interactions

We use “Cookies” and other similar technologies to identify the areas of our Platform that you have visited. A Cookie is a small piece of data stored on your computer or mobile device by your web browser. We use Cookies to enhance the performance and functionality of our service, but they are non-essential to its use. The Cookies may automatically collect Technical Data about your equipment, browsing actions and patterns. We may also receive Technical Data about you if you visit other websites employing our cookies.

However, without these Cookies, certain functionality on our Platform may become unavailable or you would be required to provide information every time you visit our platform as we would not be able to remember that you had logged in previously. Most web browsers can be set to disable the use of Cookies. However, if you disable Cookies, you may not be able to access functionality on our website correctly or at all. We never place Personally identifiable information in Cookies.

For more information about the cookies we use, please see cookies.

USE OF PERSONAL DATA

We will process your data in accordance with the provision of Rule 2.2, Part 2 of the Nigeria Data Protection Regulation (NDPR) 2019.

The bases on which we shall rely in processing your personal data include but are not limited to the following:

  1. Handling an initial request for a test kit and/or other services provided by SH:24;
  1. Processing information about your sexual or medical history, including sensitive materials/documents for diagnostic purposes;
  1. Responding or interacting with you via our platform;
  1. Providing healthcare (or health assessment) and related services;
  1. Communicating with you and resolving any queries or complaints that you might have, including responding to any data subject rights;
  1. Sharing your information in accordance with our privacy policy;
  1. Clinical research and development;
  1. Provision of feedback to help us improve our services.

KEEPING IN TOUCH AND COMMUNICATING WITH YOU

Following your express consent to use our Platform, we collect and save your information, which enables us to recognise you regardless of where you access our platform from. SH:24 gives you the option of being reached via any of the contacts provided. You can opt out of us reaching you by informing us on our platform.

We may also provide our services to you physically through a delivery service/courier company to the physical address you may provide to us.

SHARING/TRANSFER OF USER DATA

We will treat your personal information as confidential, and will not share your personal information with third parties without your permission, except in the limited circumstances described below.

We may have to share your personal data with the parties below in order to provide our services to you and to fulfill our obligation under the Global Fund – Differentiated Service Delivery project (GF-DSD).

We expect and mandate all third parties to treat your personal data with care and in compliance with the law.

We do not allow our third-party service providers to use your personal data for their own purposes; instead, we only allow them to process it for specific purposes and according to our instructions.

Examples of our third parties include:

  1. Nigeria Ministry of Health;
  1. APIN Public Health Initiatives Ltd/Gte;
  1. FHI360;
  1. Achieving Health Nigeria Initiative (AHNi);
  1. Sub-contractors for the performance of any contract we enter into with them or you (for example, distributors/courier who may deliver test kits);
  1. Service providers acting as processors who provide IT and system administration services.

Your Personal Data will be processed in our operating office and any other locations where the parties involved in the processing are situated. It means that this information could be transferred to and stored on systems outside of your state of residence, local government, ward, nation, or other governmental jurisdiction, where data protection regulations may differ from those in your jurisdiction but recognized by the Nigerian Government. We transfer personal data from Nigeria to the European Union (EU) and United States of America (USA), regions/countries which the Nigerian government has recognised as having adequate measures in place for data protection.

By agreeing to this Privacy Policy and submitting your data, you are indicating that you agree to the sharing and transfer of your data.

We will take all reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy, and no transfer of your Personal Data to an organization or country will take place unless adequate controls, including security of your data and other personal information, are in place.

YOUR LEGAL RIGHTS AND RESPONSIBILITIES

Following your consent to use our platform, you have rights and responsibilities which include but are not limited to Rights of access, correction, erasure, and restriction.

You have many rights concerning the processing of your personal information by SH:24. These are outlined below:

Your responsibility to inform us of changes.

It is important that the personal information we hold about you is accurate and current. You need to keep us informed if your personal contact information changes.

Your right to request access to your personal information.

This enables you to know what personal information we hold about you and to check that we are lawfully processing it.

Your right to request correction of the personal information that we hold about you.

This enables you to have any incomplete or inaccurate information we hold about you corrected.

Your right to request erasure of your personal information.

This enables you to ask us to delete or remove personal information where there is no good reason for us to continue to process it. This does not apply where we are legally obliged to process your personal information or where the processing is necessary for performing our functions.

Your right to object to the processing of your personal information.

You have the right to object to us processing your personal data in a particular situation and upon good grounds, in which case we will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms.

Your right to request the restriction of processing of your personal information.

This right enables you to ask us to suspend the processing of personal information about you.

Right to withdraw consent.

You have the right to withdraw your consent at any time, without affecting your consent earlier granted. You can simply withdraw your consent by forwarding a notice of withdrawal of consent to our Data Protection Officer (DPO) via the contact information provided in this privacy policy. You will be required to specify how and when you provided your consent, and for what purpose. Once your notice of withdrawal of consent is received, we will no longer process your data for the purpose or purposes you originally agreed to, unless we have another legal basis for doing so in law. Note that a withdrawal of consent does not apply in situations where consent is not required to collect, use, or disclose personal information. For example, if the law requires disclosure, you can disclose even if an individual has not provided consent or has withdrawn their consent.

ACCESS TO AND CONTROL OF PERSONAL DATA

You can confirm, change, update or delete personal data you have provided to us by contacting us on our platform.

You can change your email and contact preferences at any time via our platform.

Please note that, even after you remove information from our platform, copies of that information may remain viewable elsewhere to the extent it has been shared with others pursuant to our privacy policy. We will retain your information for as long as your consent is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

If you would like to correct or erase your personal data we have collected, please send us a request by email to admin@self-test.ng. Upon receipt of such a request, we will seek to comply as soon as reasonably practicable (but in no event more than 30 days).

CHANGE OF PURPOSE

Unless we reasonably believe that we need to use it for another reason that is compatible with the original purpose, we will only use your personal data for the purposes for which it was collected.

Please contact us if you would like an explanation of how the processing for the new purpose is compatible with the original purpose.

If we need to use your personal data for a different reason, we will let you know and explain the legal basis for doing so.

Please be aware that, if required or permitted by law, we may treat your personal data without your knowledge or consent, in accordance with relevant regulations.

KEEPING YOUR DATA SECURE

The security of your personal information is important to us. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we receive it. We use a combination of industry standard technical, administrative, and physical controls to maintain the security of your data.

We advise that you restrict access to your phone or device and adjust its settings to prevent SMS previewing, as most phone handsets provide a preview of incoming SMS on receipt. This setting is very easy to change on most phones.

We also advise immediate or periodic deletion of communications, in case of stolen or misplaced phones, as well as other incidents giving access to your private data.

However, no method of transmission over the internet, or method of electronic storage, is one hundred percent secure and we cannot guarantee its absolute security. Please contact us if you have any questions about security on our site.

HOW LONG WE WILL KEEP YOUR DATA

Your Personal data will be kept for as long as necessary for the performance and fulfillment of our obligation under the GF-DSD project, and so long as your consent is in existence because we need to retain such to provide our services. We keep this information for as long as necessary for our legitimate business interests, for legal reasons, public interest and to prevent harm, including as described in the Information We Collect section.

Usage Data will be kept by the Company for internal analysis. Except where this data is utilized to reinforce the security or to improve the functionality of Our Service, or when We are legally compelled to retain this data for longer periods of time, Usage Data is kept for a shorter amount of time.

In some cases, we might anonymise your personal data (so that it can no longer be associated with you) for research or statistics purposes in which case we may use this information indefinitely without further notice to you.

PROTECTION OF CHILDREN’S PRIVACY

No one under the age of 18 is allowed to use our service. We do not intentionally collect personal data from children under the age of 18. Please notify us if you are a parent or guardian and are aware that your kid/ward has provided us with Personal Data. If we learn that we have obtained Personal Data from anyone under the age of 18 without parental consent, we will take steps to erase the data from our servers.

If we need to rely on consent as a legal basis for processing your data and your nation requires parental consent, we may need your parent’s permission before collecting and using such data.

LINKS TO OTHER WEBSITES

Our Service may contain connections/links to websites that are not under our control or operated by us. You will be routed to the third party’s website if you click on a third-party link. We strongly suggest you read the Privacy Policies of any website you visit.

We have no control over or responsibility for the content, privacy policies, or practices of any third-party sites or services.

CHANGES TO THIS POLICY

We may from time to time update this Privacy Policy. When we make these updates, we will change the “last updated” date listed below. If we make a material change to this Policy in how we use your personal information, we will update users by placing a more prominent notice on our home page before the change. We encourage you to periodically review this page for the latest information on our privacy practices. Your use of our platform after an updated privacy policy becomes effective will indicate your acceptance of the updated Policy.

WHAT WE NEED FROM YOU

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that your personal information is not disclosed to any person who has no right to receive it.

WHEN SH:24 WILL RESPOND TO A REQUEST

We’ll act upon the request without undue delay and at the latest within a month after receipt of the request. We may extend the time to respond by a further if the request is complex or we have received several requests from the same person. However, in those circumstances, we will let you know without undue delay and within the shortest time of receiving your request and explain why the extension is necessary. For personal contacts, you can access our Data Protection Officer (DPO) from the information provided below.

CONTACT INFORMATION AND ENFORCEMENT OF POLICY

If you have any questions regarding our Privacy Policy, or if you are seeking to exercise your statutory rights, please contact us at:

Email: admin@self-test.ng

Website: self-test.hiv/nigeria

Data Protection Officer:

Name: Solomon Ejike

Email: solomon@self-test.ng

THE RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY

If you have concerns about our information rights practices, contact the NITDA Headquarters at:

National Information Technology Development Agency (NITDA), 28, Port Harcourt Crescent, Area 11, Garki, Abuja. dpo@nitda.gov.ng