ProHealth HMO Limited
Health for Wealth

Privacy Policy

This Policy provides information on how ProHealth HMO (the Company) collects, processes, and protects your personal data when you visit our website and mobile applications (Android & iOS) or generally communicate with our personnel. It further explains the rights that you have in relation to your personal data.

The DPO shall be responsible for overseeing this Policy to ensure compliance with the provisions of the NDPA.


Our privacy commitment: ProHealth HMO has never sold your information to someone else for advertising, or made money by showing you other people's ads, and we never will. This has been our approach for almost 14 years, and we remain committed to it. This policy tells you what information we collect from you, what we do with it, who can access it, and what you can do about it.

Information we collect and control

We may collect any of the following personal data from you:
• Contact details such as your full name, postal addresses, phone numbers and email addresses.
• Demographic information such as your date of birth and gender.
• Online registration information such as your password and other authentication information.
• Payment details such as your credit card information and billing address.


You provide this information through direct interaction when you visit our Site, sign up for our newsletters or publications, request marketing materials to be sent to you, respond to surveys, complete our feedback or comment form, provide your business card to any of our staff, sign our visitor management form, complete other forms, apply for employment through our careers page, or contact us to request any information or other correspondence by post, email, our website or otherwise.


We automatically collect and store certain types of information regarding your use of our Site including information about your searches, views, downloads, and purchases.


We're required to have a legal basis for collecting and processing your information. In most cases, we either have your consent or need the information to provide the service you've requested from us. When that's not the case, we must demonstrate that we have another legal basis, such as our legitimate business interests.


Cookies

A cookie is a small text file that is stored on your computer or other internet-connected device in order to identify your browser, provide analytics, and remember information about you such as your language preference or login information. They're completely safe and can't be used to run programs or deliver viruses to your device. Cookies allow us to differentiate users from one another, which helps us to provide you with an improved browsing experience. The information is gathered in a statistical manner for our use or advertisers’ use on our Site. The data gathered will not identify you personally. It is strictly aggregate statistical data about our visitors and how they used our resources on the Site. No identifying personal information will be shared at any time via cookies. Similarly, data may be gathered about general online use through a cookie file. When used, cookies are automatically placed on your hard drive, where information transferred to your computer can be found. These cookies are designed to help us correct and improve our Site’s services or products for you. You may choose to decline all cookies via your computer. Every computer has the ability to decline file downloads like cookies. Your browser has an option to enable the declining of cookies. If you do decline cookie downloads, you may be limited to certain areas of our Site, as there are parts of our Site that require cookies. Any of our advertisers may also have a use for cookies. We are not responsible for, nor do we have control of, the cookies downloaded from advertisements. They are downloaded only if you click on the advertisement.


Cookies can either be session cookies or persistent cookies. A session cookie expires automatically when you close your browser. A persistent cookie will remain until it expires or you delete your cookies. Expiration dates are set in the cookies themselves; some may expire after a few minutes while others may expire after multiple years. Cookies placed by the website you’re visiting are called “first-party cookies”.


What we do with your information

We use your information to provide the services you've requested, create and maintain your accounts, and keep an eye out for unauthorized activity on your accounts. We also use it to communicate with you about the products you're currently using, your customer support requests, new products you may like, chances for you to give us feedback, and policy updates. We analyze the information we collect to understand user needs and to improve our websites and services.


You can decline certain kinds of information use either by not providing the information in the first place or by opting out later. You can also disable cookies to prevent your browser from giving us information, but if you do so, certain website features may not work properly. We completely disable non-essential and intrusive third-party cookies from our website and products.


We limit access to your personal information to our employees and contractors who have a legitimate need to use it. If we share your information with other parties (like developers, service providers, domain registrars, and reselling partners), they must have appropriate security measures and a valid reason for using your information, typically to serve you.


We keep your personal information for as long as it is required for the purposes stated in this Privacy Policy. When we no longer have a legitimate need to process your information, we will delete, anonymize, or isolate your information, whichever is appropriate.


There are some limitations to the privacy we can promise you. We will disclose personal information if it's necessary to comply with a legal obligation, prevent fraud, enforce an agreement, or protect our users' safety. We do not currently honor Do Not Track signals from internet browsers; when a universal standard for processing them emerges, we will follow it.


Third-party websites and social media widgets have their own separate privacy policies. Always check the relevant privacy policy before sharing personal information with third parties.


You can always contact us to: ask questions about our privacy practices, alert us if you believe we have collected personal data from a minor, or ask to have your personal information removed from our blogs or forums.

We will contact you to let you know if we make any major changes to our privacy policy, or in the highly unlikely event that we ever decide to sell our business.

Legal basis for processing your personal data

Legal processing bases applicable to ProHealth HMO : If you are an individual, our legal basis for information collection and use depends on the personal information concerned and the context in which we collect it. Most of our information collection and processing activities are typically based on (i) contractual necessity, (ii) one or more legitimate interests of ProHealth HMO or a third party that are not overridden by your data protection interests, or (iii) your consent. Sometimes, we may be legally required to collect your information, or may need your personal information to protect your vital interests or those of another person.


Withdrawal of consent : Where we rely on your consent as the legal basis, you have the right to withdraw your consent at any time, but this will not affect any processing that has already taken place.


Legitimate interests notice : Where we rely on legitimate interests as the legal basis and those legitimate interests are not specified above, we will clearly explain to you what those legitimate interests are at the time that we collect your information.


We are committed to ensuring that we legally process your personal data in our custody.


Who we share your information with

All ProHealth HMO entities listed here have access to the information covered in Part I. We do not sell any personal information. We share your information only in the ways that are described in this Privacy Policy, and only with parties who adopt appropriate confidentiality and security measures.


Employees and independent contractors : Employees and independent contractors of relevant ProHealth HMO entities have access to the information covered in Part I on a need-to-know basis. We require all employees and independent contractors of ProHealth HMO entities to follow this Privacy Policy for personal information that we share with them.


Third-party service providers : We may need to share your personal information and aggregated or de-identified information with third-party service providers that we engage, such as healthcare providers, pharmacies, diagnostics centers, advertising partners, event organizers, web analytics providers and payment processors. These service providers are authorized to use your personal information only as necessary to provide these services to us.


We may need to share your personal data with third parties under the following circumstances:
a. To enable us to provide our services to you, end to end;
b. To analyze data, provide marketing assistance, process payments, transmit content, and provide customer service;
c. To comply with applicable laws and regulations or to respond to valid legal processes, including from law enforcement or other government agencies;
d. To protect the rights of our customers, operate and maintain the security of our systems and network to ensure the preservation of life and property and prevention of fraud and cyberattack; and
e. To protect the rights or property of ProHealth HMO or others, including enforcing our agreements, terms, and policies.


Retention and security of information

We retain your personal information for as long as it is required for the purposes stated in this Privacy Policy. Sometimes, we may retain your information for longer periods as permitted or required by law, such as to maintain suppression lists, prevent abuse, if required in connection with a legal claim or proceeding, to enforce our agreements, for tax, accounting, or to comply with other legal obligations. When we no longer have a legitimate need to process your information, we will delete or anonymize your information from our active databases. We will also securely store the information and isolate it from further processing on backup discs until deletion is possible.


We take the security of your personal data in our possession seriously. In line with our commitment to protect your personal data in our possession, we have developed appropriate organizational, technical, and physical measures to protect the personal data you provide or we collect against unauthorized access, loss or theft, as well as against any risk of loss, disclosure, copying, misuse or modification. Such measures include but are not limited to the use of secure servers, firewalls, multi-factor authentication, data anonymization and pseudonymization (as may be necessary), data encryption, and granting access on a need-to-know basis only to employees in order to perform their job responsibilities.


Your rights with respect to information we hold about you as a controller

You have the following rights with respect to information that ProHealth HMO holds about you. ProHealth HMO undertakes to provide you the same rights no matter where you choose to live.


Right to access : You have the right to access (and obtain a copy of, if required) the categories of personal information that we hold about you, including the information's source, purpose and period of processing, and the persons with whom the information is shared.


Right to rectification : You have the right to update the information we hold about you or to rectify any inaccuracies. Based on the purpose for which we use your information, you can instruct us to add supplemental information about you in our database.


Right to erasure : You have the right to request that we delete your personal information in certain circumstances, such as when it is no longer necessary for the purpose for which it was originally collected.


Right to restriction of processing : You may also have the right to request to restrict the use of your information in certain circumstances, such as when you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.


Right to data portability : You have the right to transfer your information to a third party in a structured, commonly used and machine-readable format, in circumstances where the information is processed with your consent or by automated means.


Right to object : You have the right to object to the use of your information in certain circumstances, such as the use of your personal information for direct marketing.


Right to complain : You have the right to complain to the appropriate supervisory authority if you have any grievance against the way we collect, use or share your information. This right may not be available to you if there is no supervisory authority dealing with data protection in your country.


Data subject access request response process

a. Where you wish to exercise any of your data privacy rights, you may make a formal request by completing and uploading the completed Data Subject Access Request Form (DSAR Form).


b. We shall contact you within 5 working days of the receipt of the DSAR Form to confirm receipt of the subject access request and may request additional information to verify and confirm the identity of the individual making the request.


c. On receiving any request from you, we shall record the request and carry out verification of the identity of the individual making the request using the details provided in the DSAR Form and a valid means of identification such as international passport, driver’s license, national identification card or any other acceptable means of identification.


d. Where the request is from a third party (such as a relative or your representative), we will verify their authority to act for you and may contact you to confirm their identity and request your consent to disclose the information.


e. When your identity is verified, we shall coordinate the gathering of all information collected with respect to you in a concise, transparent, intelligible, and easily accessible form, using clear and plain language with a view to responding to the specific request. The information may be provided in writing, or by other means, including, where appropriate, by electronic means or orally provided that your identity is proven by other means. We may also contact you to ask you for further information in relation to your request to speed up our response.


f. Where the information requested relates directly or indirectly to another person, we will seek the consent of that person before processing the request.

However, where disclosure would adversely affect the rights and freedoms of others and we are unable to disclose the information, we will inform you promptly, with reasons for that decision.


Time-frame and fees

• We shall ensure that we provide you with the requested information within one month from the receipt of the request. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. However, where we are unable to act on your request, we shall inform you promptly, and in any case within one month of receipt of the request, of the reasons for not taking action and give you the option of lodging a complaint with the Nigeria Data Protection Commission (NDPC), in line with the Nigeria Data Protection Act (NDPA) and Nigeria Data Protection Regulations (NDPR).


• Where the request relates to any perceived violation of your rights, we shall take appropriate steps to remedy such violations, once confirmed. Remedies shall include, but are not limited to, investigating and reporting to appropriate authorities, recovering the personal data, correcting it and/or enhancing controls around it. You shall be appropriately informed of the remedies employed.


• Any information provided to you by us shall be provided free of charge. However, where requests are manifestly unfounded or excessive, in particular because of their repetitive or cumbersome nature, we may: a. Charge a reasonable fee taking into account the administrative costs of providing the information or communication, taking the action required, or making a decision to refuse to act on the request; or b. Write a letter to you stating our refusal to act on the request and copying the NDPC.


Exceptions to data subject access rights

• To the extent permitted by applicable laws, we may refuse to act on your request, if at least one of the following applies: a. in compliance with a legal obligation to which we are subject; b. protecting your vital interests or those of another natural person; and c. for public interest or in exercise of official public mandate vested in us.


Data Protection Officer

We have appointed a Data Protection Officer to oversee our management of your personal information in accordance with this Privacy Policy. If you have any questions or concerns about our privacy practices with respect to your personal information, you can reach out to our Data Protection Officer by sending an email to dpo@prohealthhmo.com.


Privacy policy review

We may need to review and make necessary updates, modifications, or amendments to our Privacy Policy to ensure compliance with applicable data protection legislation including the NDPA and NDPR, or as a result of changes in our systems and processes arising from the use of technology. You will be notified through a service announcement or by an email sent to your primary email address. If we make significant changes to the Privacy Policy that affect your rights, you will be provided with at least 30 days' advance notice of the changes by email to your primary email address. However, if you have not verified your email address, you may miss important notifications that we send through email. If you think that the updated Privacy Policy affects your rights with respect to your use of our products or services, you may terminate your use by sending us an email within 30 days. Your continued use after the effective date of changes to the Privacy Policy will be deemed to be your agreement to the modified Privacy Policy. You will not receive email notification of minor changes to the Privacy Policy. We will notify you of any material changes in the way we collect and process your personal data by placing a notice online or via email. Your continued use of our services after such notice will be construed as your consent to carry on with the processing of your personal data.