Heala's Privacy Policy

  1. Introduction Please read this privacy notice (Privacy Notice) to understand how Heala Tech Limited (“Heala”, the “Company”, or “we” or “us”) use and/or share your personal data as our customer when you use our website or mobile application (the “Platform”).You may need to read the privacy notices of third party Platforms or partners that we work with in providing our services to you, to understand their specific privacy practices, before accessing their website.
  2. Your Rights
      1. You can exercise the following rights with respect to your personal data with Heala:
        1. request and access your Personal Data collected and stored by Heala;
        2. withdraw consent at any time. For example, you can withdraw your consent to receive our marketing or promotional materials or unsubscribe to our newsletters;
        3. object to automated decision making;
        4. request rectification and modification of Personal Data kept by Heala;
        5. request for deletion of your Personal Data;
        6. refuse or disable cookies by adjusting your device browser settings. However, if you choose to refuse, disable, or delete cookies, some of the functionality of the Platform may no longer be available to you;
        7. be informed of and entitled to provide consent prior to the processing of Personal Data for purposes other than that for which the Personal Data were collected;
        8. request that Heala restrict processing of your Personal Data; and
        9. request for information regarding any specific processing of your personal data.
      2. You may exercise any of these rights by sending an email to dpo@heala.ng where your requests will be treated promptly. You may also reach out to the regulator through info@ndpc.gov.ng
  3. The Information we Collect and Lawful Basis for Processing Personal Data We require your personal data as a prerequisite for providing our services to you, including the user dashboard. Below are the information that we collect when you use our Platform:
Information we CollectHow we use itLawful Basis for ProcessingWho we share the data withRetention Period

Sign-up Information

This includes, your name, email address, mobile phone number, medical information, health goals, medications, medical conditions, location

KYC verification, onboarding, fraud monitoring and ongoing compliance checksYour Consent Legal obligation – we are required by our regulators to collect this information To fulfil the terms of the contract which you signed with us at the point of onboarding Legitimate interests (ours and those of others) such as to protect you, us, or others from threats (such as security threats or fraud); to enable or administer our business, such as for quality control, compliance, consolidated reporting and customer service; to manage corporate transactions, such as mergers or acquisitions; and to understand and improve our business or customer relationships generallyYour HMO
Your medical service provider
7 years

Sales/Marketing Data

This includes your email address, name, phone number, and other data which we may obtain from you during a sales drive or […]

Marketing, newsletters, sales outreach, social media campaigns, SMS or email, including targeted marketing services about our services or any of our partners’ services to you.Your consent
Legitimate interest
Not shared3 years
Payment InformationProcessing payments, storing payment informationYour consent to use the payment information to process your payment for our service.Payment service providerNil
(Please note that the payment service provider may, however, retain this data)
Complaint Resolution DataResolving issues, feedback managementTo fulfil the terms of the contract which you sign with us at the point of onboarding  

Medical Information

This is collected during your virtual consultations using our platform. It includes the audio and video recording of your consultation with your medical consultant

Records and audit purposes
Determination of fees to be paid by your HMO
Consent
Legitimate interest
To fulfil the terms of the contract which you sign with us at the point of onboarding
Your HMO
Your medical service provider
6 years
Location InformationConnecting with local doctors, personalizing experience, troubleshootingYour consentNil3 years

Employment information

This may include previous employment information, professional qualifications and experience; and, for employees, tax information, referee and contact information

To process your job application processing, maintain your employment relationship and carry out background checksYour consent
Our legitimate interests or those of others
To fulfil the terms of your employment contract (for employees)
To comply with labour laws applicable to us
Tax authorities
Your HMO
Background check service provider
Payroll service provider
7 years
Website/Technical DataImproving features, website content, developing products/servicesYour consent
For our legitimate interests or those of others
Nil3 years
CookiesEnabling website functionality, targeted displays, personalising experienceYour consent
For our legitimate interests or those of others
  

Where you do not intend to or no longer want to receive targeted display, features or any of our service, please send an email to ​dpo@heala.ng

  1. Consent
    You give your consent when you access our Platforms, use our services, or visit our offices for official or non official purposes. Here’s what you need to know:
    1. Consent for Data Processing: By using our services or visiting our Platforms, you agree to let us process your personal data.
    2. Withdrawing Consent: You can withdraw your consent at any time. However, withdrawing consent does not affect any data processing we carried out lawfully before the withdrawal.
    3. Third-Party Information: We may get your personal information from third parties, like medical and financial institutions, with your consent. We may also collect additional information through emails, surveys, and other communications.
    4. Records and Activities: When you use our services, we keep records of your activities related to our services.
    5. Sharing Information: We will not share your personal information with third parties without your consent, except in accordance with Section 5 of this Policy.
    6. Prohibited Uses: We will never use your information for illegal activities, hate speech, child rights violations, or any other anti-social conduct.
  2. Transfer of your Personal Information:
    We may transfer your personal information to our partners outside Nigeria. This may include service providers like Microsoft (when we use MS Office 360) or AWS (when we use their server services) However, we strictly adhere to regulatory guidelines relating to such transfer, including
      1. adequate level of protection, confirmation of sound data protection practices, etc. by the receiver of your transferred data;
      2. Reliance on your consent, in the absence of adequate protection. For the purpose of our use of service providers outside Nigeria, you consent to us sharing your data with them;
      3. public interest; or
    1. the establishment, exercise, or defense of legal claims.t out of any of these channels at any time if you do not want to receive them.
  3. Account Monitoring
    You accept that Heala shall have the right to monitor your account usage and, if required, will disclose personal information to local enforcement or investigative agencies or any competent regulatory or governmental agencies to assist in the prevention, detection or prosecution of fraud or criminal activities.
  4. Heala Employee Obligation
    Heala employees who handle personal information are under an obligation to treat it confidentially and may not disclose it to third parties. Heala employees are also responsible for the internal security of the information. Employees who violate Heala’s privacy policies are subject to the company’s disciplinary procedures.
    If you receive any email or are asked for your password by anyone claiming to work for us, please forward the e-mail or report the incident by e-mail to our Data Protection Officer at dpo@heala.ng.
  5. Submitting Information Through Heala
    When you submit information to Heala through our Platform, you may have the right to access and correct that information. Heala has systems in place to help you update and correct your personal data to ensure it is accurate and up to date, in compliance with the Nigeria Data Protection Act, 2023. To keep your information current, complete, and accurate, please notify our Data Protection Officer (DPO) or the Human Resources Unit if there are any changes to your personal information. If we do not hear from you, we will assume that your records are accurate and up to date.
  6. Minor
    Our Services are not intended for or directed at children under 18 years of age, and we do not knowingly collect Personal Information from children under the age of 18. If you learn that your child has provided us with Personal Information without your consent, then you may alert us at dpo@heala.ng. If we learn that we have collected any Personal Information from children under 18, then we will promptly take steps to delete such information and terminate the child’s account.
  7. Privacy Notice Updates
    Heala may update this Privacy Notice at any time by posting a revised version on our website and you will be deemed to agree to the changes if you keep using our Platform. If new processing requirements arise that are not covered by the existing lawful basis (such as your consent), we will request your consent or rely on another lawful basis in accordance with applicable laws. If you do not accept any changes, you should close your Heala account. Closing your account does not absolve you of any liabilities incurred before the closure.
  8. Security
    1. Heala is committed to safeguarding your personal information using top-tier security measures. We employ physical, technical, and administrative controls to prevent loss, misuse, unauthorized access, disclosure, and alteration of your data. Once logged into your Heala account, all internet communications are secured using Transport Layer Security (TLS) technology with AES 128-bit encryption and Elliptic Curve Diffie-Hellman key exchange (ECDHE) RSA.
    2. The security of your Heala account largely depends on the protection of your password. Do not share your password with anyone, as Heala employees will never request this information. Any email or correspondence requesting your password should be treated as suspicious and forwarded to dpo@heala.ng immediately. If you share your password with third parties, they will have access to your account and personal information, and you will be responsible for any actions taken with this information. Heala shall not be liable or responsible for any breach or loss arising from the disclosure of your password or other private information to any third parties. In the event you suspect unauthorised access to your password, change it immediately and notify us.
    3. Although we make good faith efforts to store Information in a secure operating environment that is not open to the public, you should understand that there is no such thing as complete security, and we do not guarantee that there will be no unintended disclosures of your Information. If we become aware that your Information has been disclosed in a manner not in accordance with this Notice, we will use reasonable efforts to notify you of the nature and extent of the disclosure (to the extent we know that information) as soon as reasonably possible and as permitted by law.
  9. Phishing
    Phishing is the name given to attempts to steal personal details and financial account details from a website user. “Phishers” use fake or “spoof” emails to lead users to counterfeit websites where the user is tricked into entering their personal details, such as credit card numbers, usernames and passwords.

    If you receive such an e-mail or are asked for your password by anyone claiming to work for us please forward the e-mail or report the incident by e-mail dpo@heala.ng.
  10. Contact Information
    For any questions about this Privacy Notice or Heala’s information services, you can contact us via our customer helplines or by email at dpo@heala.ng.