Privacy Policy

Effective Date: January 1, 2025

Last Updated: December 23, 2024

Version: 2.1

At Curamed Healthcare, protecting your privacy and the confidentiality of your health information is fundamental to our mission. This Privacy Policy explains how we collect, use, protect, and share your personal and health information when you use our home healthcare services.

1. Information We Collect

1.1 Personal Information

Contact and Identity Information:

  • Full name, date of birth, and gender
  • Phone numbers (mobile and landline)
  • Email addresses
  • Home and office addresses
  • Emergency contact information
  • Government-issued identification numbers (when required)

1.2 Health Information

Medical and Health Data:

  • Medical history and current health conditions
  • Medications and supplements you're taking
  • Laboratory test results and diagnostic reports
  • Symptoms and health concerns you report
  • Doctor referrals and medical recommendations
  • Family medical history (when relevant)
  • Allergies and medical sensitivities

1.3 Service Usage Information

Platform and Service Data:

  • Account login credentials and preferences
  • Service booking history and appointment details
  • Payment information and billing history
  • Communication records with our team
  • Website and mobile app usage analytics
  • Device information and IP addresses

1.4 Corporate Client Information

Business and Employee Data:

  • Company contact information and billing details
  • Employee health screening data (with consent)
  • Corporate wellness program participation records
  • Aggregate health analytics and reporting data

2. How We Use Your Information

2.1 Healthcare Service Delivery

  • Schedule and conduct home collection appointments
  • Process laboratory tests and deliver results
  • Provide medical consultations and health advice
  • Coordinate care with your healthcare providers
  • Monitor your health trends and provide insights

2.2 Service Improvement and Communication

  • Send appointment reminders and test preparation instructions
  • Deliver test results and health reports
  • Provide customer support and respond to inquiries
  • Send health education materials and wellness tips
  • Improve our services based on user feedback

2.3 Legal and Administrative Purposes

  • Comply with Nigerian healthcare regulations and NDPR
  • Process payments and manage billing
  • Prevent fraud and ensure service security
  • Maintain accurate medical records
  • Respond to legal requests and protect our rights

2.4 Marketing and Analytics (With Consent)

  • Send information about new services and health packages
  • Provide personalized health recommendations
  • Conduct research to improve healthcare delivery
  • Create anonymized analytics for service enhancement

3. Information Sharing and Disclosure

4. Data Security and Protection

4.1 Technical Safeguards

🔐 Encryption

All data is encrypted in transit and at rest using industry-standard AES-256.

🛡️ Access Controls

Multi-factor authentication and role-based access controls limit data access to authorized personnel only.

🔍 Monitoring

24/7 security monitoring and threat detection systems protect against unauthorized access.

☁️ Secure Infrastructure

Data hosted on ISO 27001 certified cloud infrastructure with regular security audits

4.2 Physical Safeguards

  • Secure facilities with controlled access and surveillance
  • Locked storage for physical documents and samples
  • Secure transportation protocols for sample collection
  • Clean desk policies and secure disposal procedures

4.3 Administrative Safeguards

  • Regular staff training on data protection and privacy
  • Confidentiality agreements for all employees and contractors
  • Incident response procedures for potential data breaches
  • Regular privacy and security assessments

4.4 Data Breach Notification

In the unlikely event of a data breach, we will:

  • Notify affected individuals within 72 hours
  • Report to relevant authorities as required by NDPR
  • Take immediate steps to contain and remedy the breach
  • Provide clear information about the incident and protective measures

5. Data Retention

5.1 Health Records

Medical Test Results:

Retained for 7 years as required by Nigerian healthcare regulations

Personal Health Information:

Maintained for the duration of our relationship plus 7 years

5.2 Service Data

Account Information:

Retained while your account is active plus 3 years after closure

Communication Records:

Maintained for 5 years for service quality and legal compliance

5.3 Marketing Data

Marketing Communications:

Retained until you unsubscribe or withdraw consent

Analytics Data:

Anonymized data may be retained indefinitely for service improvement

6. Your Rights and Choices

6.1 Access and Control

📋 Access Right

Request copies of your personal and health information

✏️ Correction Right

Update or correct inaccurate information

🗑️ Deletion Right

Request deletion of your data (subject to legal requirements)

📤 Portability Right

Receive your data in a portable format

6.2 Communication Preferences

You can control:

  • Marketing email subscriptions
  • SMS notifications and reminders
  • Health education communications
  • Service update notifications

Note: Essential service communications (appointment confirmations, test results) cannot be disabled for safety reasons.

6.3 How to Exercise Your Rights

Contact Methods:

  • Email: privacy@curamedhealthcare.com
  • Phone: +234 901 234 5678
  • Online: Submit request through your patient portal
  • Mail: Curamed Healthcare Privacy Office, Lagos, Nigeria

We will respond to your request within 30 days of verification.

7. Third-Party Services

7.1 Payment Processing

We use secure, PCI-DSS compliant payment processors. Your financial information is processed directly by these providers and not stored on our systems.

7.2 Analytics and Improvement

We may use analytics services to understand how our website and apps are used. These services may collect anonymous usage data to help us improve our services.

7.3 External Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. Please review their privacy policies before sharing information.

8. International Data Transfers

8.1 Data Location

Your data is primarily stored and processed within Nigeria. Some services may involve transfers to countries with adequate data protection levels.

8.2 Safeguards

When international transfers are necessary, we ensure appropriate safeguards are in place:

  • Adequacy decisions by Nigerian authorities
  • Standard contractual clauses
  • Binding corporate rules
  • Explicit consent where required

9. Children's Privacy

9.1 Parental Consent

For patients under 18 years old, we require verifiable parental or guardian consent before collecting or processing any personal or health information.

9.2 Special Protections

  • Enhanced security measures for children's data
  • Data collection limited to necessary healthcare purposes
  • Parental access rights to their child's information
  • Secure deletion when no longer needed

10. Changes to This Privacy Policy

10.1 Notification of Changes

We may update this privacy policy to reflect changes in our practices or legal requirements. We will notify you of significant changes through:

  • Email notification to registered users
  • Prominent notice on our website
  • In-app notifications for mobile users
  • Direct communication for material changes

10.2 Your Continued Use

Continued use of our services after notification of changes constitutes acceptance of the updated policy. If you disagree with changes, you may discontinue using our services.