PLEASE IT IS ADVISED THAT YOU READ THESE POLICY CAREFULLY BEFORE ACCESSING OR USING THE SERVICES.
SH:24 has identified this policy as a necessary tool for ensuring that privacy rights are protected both at the collection, processing, operation and management of the Data. To this end, SH:24 is committed to safeguarding your privacy by:
- Ensuring the security of information or data collected and held in its Database.
- Guarding against unauthorized disclosures.
- Ensuring that usage of such information or data is limited to only those purposes provided by this policy and by the Nigerian Data Protection Laws and regulations.
- Disclosure and/or use is preceded by your consent before or during access.
DATA WE MAY COLLECT FROM YOU
If you contact us or request our service you will be asked to provide certain Personally Identifiable Information – PII (such as your name, date of birth, sex, mobile/telephone number, email address, physical delivery address etc) and health status information such as information about your physical health including your medical history and/or current health status, including but not limited to sexual history and data regarding test results. If you decide to provide PII, you are telling us that this information is both true and accurate, and that you are authorized to provide it to us.
We collect standard information about our platform users such as IP addresses, browser type, operating systems, what you searched for, referring and exit pages and times of visits, and other site usage behavior (“Site Visitation Data”). Site Visitation Data is used to administer the site and provide general statistics regarding the use of our Platform
To help improve our site and services, we may collect certain technical information from your browser software, this may include Internet Protocol (IP) Address, your login data, browser type and password, time zone setting and location, browser plug-in types and versions, operating system and platform, as well as other technologies on the devices used to access the site.
HOW WE WILL COLLECT YOUR DATA
Diverse methods are deployed in the collation of your data, including through;
All your forms of Data can be collected through the filling of forms on our platform, corresponding with us via phone call, e-mail, WhatsApp direct messaging or otherwise. For our forums/interactive services, you may give us basic identity and contact data if joining via Facebook, Google or Twitter. This includes personal data you provide when you:
- Register to use our Site.
- Post, interact or comment on our Site.
- Request for our products or service.
- Give us some feedback.
Automated technologies or interactions
For more information about the cookies we use, please see cookies.
USE OF PERSONAL DATA
We will process your data in accordance with the provision of Rule 2.2, Part 2 of the Nigeria Data Protection Regulation (NDPR) 2019.
The basis on which we shall rely on in processing your personal data includes but is not limited to the following:
- Handling an initial request for a test kit and/or other services provided by SH:24;
- Processing information about your sexual or medical history, including sensitive materials/documents for diagnostic purposes;
- Responding or interacting with you via our platform;
- Providing healthcare (or health assessment) and related services;
- Communicating with you and resolving any queries or complaints that you might have, including responding to any data subject rights;
- Clinical research and development;
- Provision of feedback to help us improve our services.
KEEPING IN TOUCH AND COMMUNICATING WITH YOU
Following your express consent to use our Platform, we collect and save your information, which enables us to recognise you regardless of where you access our platform from. SH:24 gives you the option of reaching out to you via any of the contacts provided. You can opt out of us reaching you by informing us on our platform.
We may also provide our services to you physically through a delivery service/courier company to the physical address you may provide to us.
SHARING/TRANSFER OF USER DATA
We will treat your personal information as confidential, and will not share your personal information with third parties without your permission, except in the limited circumstances described below.
We may have to share your personal data with the parties below in order to provide our services to you and to fulfill our obligation under the Global Fund – Differentiated Service Delivery project (GF-DSD).
We expect and mandate all third parties to treat your personal data with care and in compliance with the law.
We do not allow our third-party service providers to use your personal data for their own purposes; instead, we only allow them to process it for specific purposes and according to our instructions.
Examples of our third parties include:
- Nigeria Ministry of Health;
- APIN Public Health Initiatives Ltd/Gte;
- Achieving Health Nigeria Initiative (AHNi);
- Sub-contractors for the performance of any contract we enter into with them or you (for example, distributors/courier who may deliver test kits);
- Service providers acting as processors who provide IT and system administration services.
Your Personal Data will be processed in our operating office and any other locations where the parties involved in the processing are situated. It means that this information could be transferred to and stored on systems outside of your state of residence, local government, ward, nation, or other governmental jurisdiction, where data protection regulations may differ from those in your jurisdiction but recognized by the Nigerian Government. We transfer personal data from Nigeria to the European Union (EU) and United States of America (USA), regions/countries which the Nigerian government has recognised as having adequate measures in place for data protection.
YOUR LEGAL RIGHTS AND RESPONSIBILITIES
Following your consent to use our platform, you have rights and responsibilities which include but are not limited to Rights of access, correction, erasure, and restriction.
You have many rights concerning the processing of your personal information by SH:24. These are outlined below;
Your responsibility to inform us of changes.
It is important that the personal information we hold about you is accurate and current. You need to keep us informed if your personal contact information changes.
Your right to request access to your personal information.
This enables you to know what personal information we hold about you and to check that we are lawfully processing it.
Your right to request correction of the personal information that we hold about you.
This enables you to have any incomplete or inaccurate information we hold about you corrected.
Your right to request erasure of your personal information.
This enables you to ask us to delete or remove personal information where there is no good reason for us to continue to process it. This does not apply where we are legally obliged to process your personal information or where the processing is necessary for performing our functions.
Your right to object to the processing of your personal information.
You have the right to object to us processing your personal data in a particular situation and upon good grounds and in which case we will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms.
Your right to request the restriction of processing of your personal information.
This right enables you to ask us to suspend the processing of personal information about you.
Right to withdraw consent.
ACCESS TO AND CONTROL OF PERSONAL DATA
You can confirm, change, update or delete personal data you have provided to us by contacting us on our platform.
You can change your email and contact preferences at any time via our platform.
Please note that, even after you remove information from our platform, copies of that information may remain viewable elsewhere to the extent it has been shared with others pursuant
If you would like to correct or erase your personal data we have collected, please send us a request by email to firstname.lastname@example.org. Upon receipt of such a request, we will seek to comply as soon as reasonably practicable (but in no event more than 30 days).
CHANGE OF PURPOSE
Unless we reasonably believe that we need to use it for another reason that is compatible with the original purpose, we will only use your personal data for the purposes for which it was collected.
Please contact us if you would want an explanation of how the processing for the new purpose is compatible with the original purpose.
If we need to use your personal data for a different reason, we will let you know and explain the legal basis for doing so.
Please be aware that, if required or permitted by law, we may treat your personal data without your knowledge or consent, in accordance with relevant regulations.
KEEPING YOUR DATA SECURE
The security of your personal information is important to us. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we receive it. We use a combination of industry standard technical, administrative, and physical controls to maintain the security of your data.
We would advise that you restrict access to your Phone or device and their settings be adjusted to prevent SMS previewing, as most phone handsets provide a preview of incoming SMS on receipt. This setting is very easy to change on most phones.
We also advise immediate or periodic communication deletes, in the case of stolen or misplaced phones, as well as other incidents giving access to your private data.
However, no method of transmission over the internet, or method of electronic storage is one hundred percent secure and we cannot guarantee its absolute security. Please contact us, if you have any questions about security on our site.
HOW LONG WE WILL KEEP YOUR DATA
Your Personal data will be kept for as long as necessary for the performance and fulfillment of our obligation under the GF-DSD project, and so long as your consent is in existence because we need to retain such to provide our services. We keep this information for as long as necessary for our legitimate business interests, for legal reasons, public interest and to prevent harm, including as described in the Information We Collect section.
Usage Data will be kept by the Company for internal analysis. Except where this data is utilized to reinforce the security or to improve the functionality of Our Service, or when We are legally compelled to retain this data for longer periods of time, Usage Data is kept for a shorter amount of time.
In some cases, we might anonymise your personal data (so that it can no longer be associated with you) for research or statistics purposes in which case we may use this information indefinitely without further notice to you.
PROTECTION OF CHILDREN’S PRIVACY
No one under the age of 18 is allowed to use our service. We do not intentionally collect personal data from children under the age of 18. Please notify us if you are a parent or guardian and are aware that your kid/ward has provided us with Personal Data. If we learn that we have obtained Personal Data from anyone under the age of 18 without parental consent, we will take steps to erase the data from our servers.
If we need to rely on consent as a legal basis for processing your data and your nation requires parental consent, We may need your parent’s permission before collecting and using such data.
LINKS TO OTHER WEBSITES
Our Service may contain connections/links to websites that are not under our control or operated by us. You will be routed to the third party’s website if you click on a third-party link. We strongly suggest you read the Privacy Policies of any website you visit.
We have no control over or responsibility for the content, privacy policies, or practices of any third-party sites or services.
CHANGES TO THIS POLICY
WHAT WE NEED FROM YOU
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that your personal information is not disclosed to any person who has no right to receive it.
WHEN SH:24 WILL RESPOND TO A REQUEST
We’ll act upon the request without undue delay and at the latest within a month after receipt of the request. We may extend the time to respond by a further if the request is complex or we have received several requests from the same person. However, in those circumstances, we will let you know without undue delay and within the shortest time of receiving your request and explain why the extension is necessary. For personal contacts, you can access our Data Protection Officer (DPO) from the information provided below.
CONTACT INFORMATION AND ENFORCEMENT OF POLICY
Data Protection Officer:
Name: Solomon Ejike
THE RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY
If you have concerns about our information rights practices, contact the NITDA Headquarters at;
National Information Technology Development Agency (NITDA), 28, Port Harcourt, Crescent, Area 11, Garki, Abuja. email@example.com