Heala's Privacy Policy

  1. Introduction
    Heala Tech Limited (“Heala”, “Heala”, the “Company”, or “we” or “us”) values your Personal Data. We have made it our obligation to ensure that your data is protected whenever you use our platform. We have therefore set out to describe how we treat your data and the rights you have in respect to your data as a user of our platform. Please read this Privacy Notice (the “Notice”) to understand our policies, processes, and procedures regarding the processing of your personal data.

    This Notice will help you understand how we use your information and what we do with it and applies to all forms of systems, operations and processes on our platform that involve the collection, storage, use, transmission and disposal of Personal Data. However, the application of this Notice does not extend to services that are not owned or controlled by Heala, including third-party websites and the services of other Heala’s partners. Heala ensures to handle personal data provided to us by our customers and merchants (“Users”) in strict compliance with applicable data privacy and protection laws.
  1. The Information we Collect
    To access the Heala Services and for optimal use of this application/website, we collect personally identifiable Information which you voluntarily provide to us.

    Personally identifiable information refers to the personal information you submit, when you use the services offered on our website and digital platform, including the following:
    1. Sign-up information : When you register to use the services offered on our platform, we will collect Personal Data that is necessary to on-board you such as your name, email address, mobile phone number and some medical information. We may require you to provide additional personal details as you use our services.
    2. Information from other sources : We may collect information from other sources, such as our social media platforms when you reach out to us to lodge a complaint about our services. However, we will only ask for information required to help us be of service to you.
    3. Other information we collect related to your use of our website or Services : We may collect additional information from or about you when you communicate with us, contact our customer support teams or respond to a survey.
    4. When you apply for a job with us : We may request Personal Data about your education, employment and state of health. As part of your application, you will be asked to provide your express consent to our use of this information to assess your application and any monitoring activities which may be required of us under applicable laws as an employer.
    5. Other personal identifiable details include but not limited to (e.g. email address, password, name, address, telephone number, business name, camera sensor data, bank details, and other unique identifiers including but not limited to MAC address, IP address, IMEI number, IMSI number, SIM and others). For ease of transacting, we may also collect your contact details, only if your permission to do so is granted.
    6. We may also carry out screening checks (including reference, background and criminal record checks).
    7. We may exchange your Personal Data with medical institutions, law enforcement agencies, referees and your previous employers.
    8. Without your Personal Data, we may not be able to process your application for positions with us.
    9. We also collect non-personally identifiable information including but not limited to dynamic IP address, geolocation data, screen size and cookies data. We use technical methods to collect and store personal information such as cookies, JWT, web beacons etc. We will not share or disclose this information with third parties except as a necessary part of providing our users with access to our website and services. By visiting and using our website, you agree to our use of cookies in line with Heala’s policies. For more details about Cookies, please read our Cookies Policy available through this link.
      • We do not collect the information of minors.
      • If you are under the age of 18, you are not eligible to use the service offered on our digital platform. Kindly refer to our Terms.
  1. Uses of Information 
  1. We use your personally identifiable information to:
    1. provide our services and supporting customer support;
    2. process your requests, resolve disputes and troubleshoot problems;
    3. prevent potentially prohibited or illegal activities and enforce our Terms;
    4. customise, measure and improve our services;
    5. customise and improve the layout of our website and platform generally;
    6. compare information for accuracy and verify with third parties;
    7. update our databases and provide user support;
    8. provide you with information about other services we offer which you may not have signed up for or may not be available at the time of your onboarding.
    9. Authenticate your access to an account
    10. Communicate with you about your account
    11. Manage risk, fraud and abuse of our services and you from fraud by verifying your identity.
    12. Comply with our obligations and to enforce the terms of our sites and services, including to comply with all applicable laws and regulations.
    13. Trail information breach and remediate such identified breaches.
    14. Resolve disputes and troubleshoot problems.

By continuing the use of our platform, you agree that we may:

    • Market Heala and/or our partner’s products and services to you.
    • Use cookies to provide a targeted display, feature, service or offer to you.
  1. We undertake that we will not send unsolicited marketing communications to you by SMS or email if you have not opted in to receive them.
  1. Additionally, you can withdraw your consent at any time and free of charge.
  1. What Constitutes your Consent?
    • You accept this privacy policy when you give consent upon access to our platforms, use the services offered on our website and digital platform or visit any of our offices for official or non-official purposes.
    • Where processing of Personal Data is based on consent, Heala shall obtain the requisite consent at the time of collection of the Personal Data. In this regard, you consent to the processing of your Personal Data when you access our platforms, or use our services, content, features, technologies, or functions offered on our website or other digital platforms. You can withdraw your consent at any time, but such withdrawal will not affect the processing of your data which we carried out lawfully based on consent given before your withdrawal.
    • We may retrieve Personal Information about you from third parties including medical and financial institutions. With your consent, we may also collect additional Personal Information in other ways including emails, surveys, and other forms of communication. Once you begin using our services through your Heala account, we will keep records of your dealings and collect information of your other activities related to our services. We will not share or disclose your Personal Information with a third party without your consent and except in accordance with section 6 of this Policy, in compliance with a law or regulation which binds us, or a judicial proceeding or order instituted or  issued against. We will not use your information or seek your consent to use your information for the proHealation of atrocities, hate, child rights violation, criminal acts and anti-social conducts.
  1. Sharing of Information 
    • Heala assures you that it shall only obtain your data with your consent and that your data shall only be used for the purpose for which it was obtained. However, we may share your Personal Data with companies within the Heala, service providers engaged by us to provide services to Heala subject to appropriate data security and protection. In addition, we may transfer your Personal Data out of Nigeria in line with the requirements of the Nigeria Data Protection Regulation, 2019. Save as provided hereunder, Heala does not share your personal information with unauthorisd persons and adequate safeguards have been put in place to prevent unauthorised access and to ensure confidentiality of your personal information.
    • Our website may contain third-party links or links to other websites. Please be advised that we are not responsible for the privacy practices or contents of these sites and shall not be responsible for your use of such websites. We encourage our users to be aware of when they leave our website and to read the privacy statements of these sites. You should evaluate the security and trustworthiness of any other site connected to this site or accessed through this site before disclosing any personal information to them. Heala will not accept any responsibility for any loss or damage in whatever manner resulting from your disclosure of your personal information to third parties.
    • We may share your Personal Data or other information about you with others for the following reasons:
      • With other companies that provide services to us: We may share Personal Data with third-party service providers that perform services and functions at our direction and on our behalf. These third-party service providers may, for example, include your medical institution, medical service provider, or provide customer support.
      • With other third parties for our business purposes or as permitted or required by law: We may share information about you with other parties for Heala’s business purposes or as permitted or required by law, including:
      • If we need to do so to comply with a law, legal process or regulations;
      • To law enforcement authorities or other government officials, or other third parties pursuant to a court order or other legal process or requirement applicable to Heala’s or Heala’s corporate family;
      • If we believe, in our sole discretion, that the disclosure of Personal Data is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity;
      • To protect the vital interests of a person.
      • To investigate violations of or enforce our term or other legal terms applicable to any service;
      • To protect our property, services and legal rights;
      • To facilitate a purchase or sale of all or part of Heala’s business
      • To companies that we plan to merge with or be acquired by; and
      • To support our audit, compliance, and corporate governance functions.
  1. You understand that we   may also share your Personal Data and other information with your consent or direction.
  1. Acknowledgment
    You acknowledge that by using the Heala services, some of your personal information will be passed on to any person whom you receive Heala money from, or send Heala money to, and will be available to any third party involved in the operation of the service including without limitation, Heala Agents and partner banks.
  1. Your Rights 
  1. You can exercise the following rights with respect to your Personal Data with Heala:
    1. request and access your Personal Data collected and stored by Heala;
    2. withdraw consent at any time. For example, you can withdraw your consent to receive our marketing or promotional materials or unsubscribe to our newsletters;
    3. object to automated decision making;
    4. request rectification and modification of Personal Data kept by Heala;
    5. request for deletion of your Personal Data;
    6. be informed of and entitled to provide consent prior to the processing of Personal Data for purposes other than that for which the Personal Data were collected;
    7. request that Heala restricts processing of your Personal Data; and
    8. request for information regarding any specific processing of your personal data.
  1. You may exercise any of these rights by sending an email to […] where your requests will be treated promptly.
  1. Lawful Basis for Processing Personal DataWe will only use your Personal Data if we have a proper reason for doing so. We consider the lawful basis for using your Personal Data as set out in the Nigeria Data Protection Regulation (NDPR). This include:
    • To comply with our legal and regulatory obligations.
    • To perform a contract with you or to take steps at your request before entering into a contract.
  • To use your Personal Data as is necessary for our legitimate interests or the legitimate interests of others.
  • To protect your interest, the interest of another Data Subject or for the performance of a task carried out in the public interest or in exercise of official public mandate vested in us.
  1. Disclosure of Personal Data 
  • We may disclose any information we collect about current and former customers, including Personal Data, to affiliates and non-affiliated third parties as follows:
    • With medical service providers, especially your medical institution in the event that you are using your medical service provider’s portal on our platform.
    • With another user, when you sign up for Heala’s services via a referral link. The user that referred you may receive information indicating that you have enrolled with Heala. You may avoid this sharing by not using a referral link to enrol.
    • With non-medical companies, such as email service providers that perform marketing services on our behalf, and fraud prevention service providers that use the information to provide services to Heala and other companies.
    • With a non-affiliated third-party to access and transmit your personal and medical information from a relevant medical institution. You grant the third-party the right, power, and authority to access and transmit this information. according to terms of their privacy policy.
  1. With other non-affiliated companies for our everyday business purposes, such as to process transactions, maintain accounts, respond to court orders and legal investigations or report to medical regulators. For example, in connection with our everyday business purposes, we may share Personal Data about you as follows:
  • In response to a request for Personal Data, if we are required by, or we believe disclosure is in accordance with, any applicable law, regulation or legal process.
  • With relevant law enforcement officials or other third parties, such as investigators or auditors, if we believe it is appropriate to investigate fraud.
  • If we believe your actions are inconsistent with the spirit or language of our user agreements or policies, or to protect the rights, property and safety of Heala or others.
  • In connection with, or during negotiations of, any merger, sale of Heala’s assets, financing or acquisition of all or a portion of our business to another company; and
  • With your consent or at your direction, including if we notify you that the Personal Data you provide will be shared in a particular manner and you provide such Personal Data.
  1. We may also share aggregated or de-identified Personal Data, which cannot reasonably be used to identify you. For example, we may share transaction zip codes with third parties to improve our accuracy in geo-locating transactions and to improve the clarity of transaction descriptions.
  1. We will usually not share your Personal Data with other third parties without your consent. Where we need to transfer your Personal Data to another country, we shall ensure that such country to which the data is being transferred shall have adequate data protection law. We will seek your consent where we need to send your data to a country without an adequate data protection law.
  1. Account Monitoring
    You accept that Heala shall have the right to monitor your account usage and if required, will disclose personal information to local enforcement or investigative agencies or any competent regulatory or governmental agencies to assist in the prevention, detection or prosecution of fraud or criminal activities.
  1. Heala Employee Obligation Heala employees who handle personal information are under an obligation to treat it confidentially and may not disclose it to third parties. Heala employees are also responsible for the internal security of the information. Employees who violate Heala’s privacy policies are subject to the company’s disciplinary procedures.
  1. Submitting Information Through Heala
    Any person submitting information to Heala through our platform may be granted access rights to that information. Heala has developed systems that enable users to access and correct their personal information submitted to it. Heala is committed to ensuring that personal data processed by the company is accurate and up to date in line with the provisions of the Nigeria Data Protection Regulation (NDPR) 2019. In order to ensure that your personal data with the company is current, complete and accurate, please update us if there are changes to your personal information by informing the company’s DPO via the stated contact details or the Human Resources Unit. We shall take it that your records with the company are current, complete and accurate if we do not receive any update from you.
  1. Privacy Policy Updates 
  1. Heala may at any time amend, delete, or add to its Privacy Policy by giving notice of such changes or posting a revised version of our Privacy Policy on Heala’s online portals. Any change will be made unilaterally by us and you will have been deemed to have accepted these changes by your continuous use of Heala’s services after the revised Privacy Policy is uploaded. We will make efforts to display a notice of any change to our Privacy Policy on our website. Notwithstanding this, you further agree that it is your sole responsibility to check for updates of the Privacy Policy.
  1. If you do not accept any change, you will be required to close your Heala prepaid account, otherwise you will be deemed to have accepted it. Any closure of the account still renders you liable to Heala for any liability incurred by you prior to closure.
  1. Correspondence
    Should you send us correspondence including chats, calls, emails and letters, we will retain such information in the records of your account. We will also retain customer service correspondence and other correspondence from Heala to you. The rationale for this retention is to keep records of our relationship, measure and improve customer service and to investigate potential fraud and violations of our User Agreement. We may, over time, delete these records if permitted by law.
  1. Questionnaires & Surveys
    From time to time, Heala may offer optional questionnaires and surveys to our users for such purposes as collecting demographic information or assessing users’ interests and needs. The use of information collected will be explained in detail in the survey itself. If we collect personal identifiable information from our users in these questionnaires and surveys, the users will be given notice of how the information will be used prior to their participation in the survey or questionnaire.
  1. Security 
  1. Heala is committed to managing customer information with the highest standards of information security. We protect your personal information using physical, technical and administrative security measures to reduce the risks of loss, misuse, unauthorized access, disclosure and alteration. To prevent unauthorised access or disclosure of Information we have physical, electronic and managerial procedures in place to keep your information safe. Once logged into your Heala account, all internet communication is secured using Transport Layer Security (TLS) technology and the connection is encrypted and authenticated using AES 128bit encryption key and uses Elliptic Curve Diffie-hellman key exchange (ECDHE) RSA as a key exchange mechanism and only authorised access to personal information is granted only to employees who require it to fulfil their job responsibilities.
  1. The security of your Heala prepaid account also rests on the protection of your PIN. You should not share your PIN with anyone and no employee of Heala will ever ask you for either of these so any email or correspondence requesting for such information should be treated as unauthorised and suspicious and forwarded to […]. We will endeavour to respond to such emails as soon as possible.
  1. Should you share your PIN with any third parties, such third parties will have access to your account and your personal information, and you may be responsible for any actions taken using this information. Heala shall not be liable or responsible for any breach or loss arising from the disclosure of your PIN or other private information to any third parties. In the event you suspect a third party has gained access to your PIN, please log into your Heala profile, change it and notify us straightaway.
  1. Although we make good faith efforts to store Information in a secure operating environment that is not open to the public, you should understand that there is no such thing as complete security, and we do not guarantee that there will be no unintended disclosures of your Information. If we become aware that your Information has been disclosed in a manner not in accordance with this Privacy Policy, we will use reasonable efforts to notify you of the nature and extent of the disclosure (to the extent we know that information) as soon as reasonably possible and as permitted by law.
  1. Phishing
    Phishing is the name given to attempts to steal personal details and financial account details from a website user. “Phishers” use fake or “spoof” emails to lead users to counterfeit websites where the user is tricked into entering their personal details, such as credit card numbers, usernames and passwords.

    If you receive such an e-mail or are asked for your password by anyone claiming to work for us please forward the e-mail or report the incident by e-mail to our Data Protection Officer
  1. Retention of your personal data 
  1. Heala takes appropriate measures to ensure that your Personal Data is only processed and retained for a period in line with the purposes set out in this Notice, as is stated under our Terms and Conditions or as required by applicable laws, until a time it is no longer required or has no use. We will also determine what action is to be carried out after the period stated in policies expired.
  1. The security of your Heala prepaid account also rests on the protection of your PIN. You should not share your PIN with anyone and no employee of Heala will ever ask you for either of these so any email or correspondence requesting for such information should be treated as unauthorised and suspicious and forwarded to […]. We will endeavor to respond to such emails as soon as possible.
  1. Restriction of Liability 
  1. We make no claims, promises or guarantees about the accuracy, completeness, or adequacy of the contents of this Website and expressly disclaim liability for errors and omissions in the contents of this Website.
  1. No warranty of any kind, implied, expressed or statutory, including but not limited to the warranties of non-infringement of third party rights, title, merchantability, fitness for a particular purpose and freedom from computer virus, is given with respect to the contents of the Website or its hyperlinks to other internet resources.
  1. Reference in this Website to any specific commercial products, processes, or services, or the use of any trade, firm or corporation name is for the information and convenience of the public, and does not constitute endorsement, recommendation, or favouring by us.
  1. The contents of this website are under copyright and/or trademark of their original author(s) unless otherwise noted on the page itself.
  1.  Inquires
    Heala is responsible for ensuring that our day-to-day procedures are aligned with this Privacy Policy. Should you have any questions about this privacy statement, Heala’s information services or your transactions on Heala, you can contact us via our customer helplines or by email to hello@heala.ng
Let's Talk