Total Health Trust Ltd, including its associated companies, (“THT”) ”) values the confidentiality of personal data. This document details how the THT uses and protects personal data in accordance with the Nigeria Data Protection Regulation (NDPR) and other relevant privacy and data protection applicable laws in Nigeria.
This Privacy Notice also details how we collect and process your personal data when you interact with us, typically through the use of our website and social media pages (our “Online Channels“); or when you visit, interact with or use any of our offices and other offline activities (our “Offline Channels“). We have also detailed here what rights you have as a data subject under applicable laws.
Note that this Privacy Notice does not apply to job applicants or to employees and non-employee workers, whose personal data is subject to different privacy notices which are provided to such individuals in the context of their employment or working relationship with us.
Please read this document carefully to ensure informed consent. We take your privacy seriously and we will not abuse your trust by disclosing, exporting, or dealing with your personal data in a manner that is contrary to this Privacy Notice.
A. What is Personal Data?
Personal data refers to all types of:
- Personal information – “any information, whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual;”
- Sensitive personal information – “personal information about an individual’s race, ethnic origin, marital status, age, color, religious/philosophical/political affiliations, health, education genetic or sexual life, legal proceedings, government issued identifiers and other information specifically established by an executive order or an act of National Assembly to be kept classified;” and
- Privileged information – “any and all forms of information which, under the Rules of Court and other pertinent laws, constitute privileged communication, such as, but not limited to, information which a person authorised to practice medicine, surgery or obstetrics may have acquired in attending to a patient in a professional capacity”
B. Why does THT process Personal Data?
THT collects, uses, processes, stores and retains Personal Data when reasonable and necessary to perform its business processes effectively, safely and efficiently and in accordance with corporate policies. In particular, THT will collect your data in order to provide you with access to our Health Insurance Policies.
Personal information will at all time only be used for specific purposes, and the individual is aware of the information collected and what it will be used for.
Personal information may also be used for secondary purposes (processing beyond initial collection purposes), provided this further processing is disclosed to the individual or juristic entity. Consent will be gained for marketing purposes.
C. What type of personal data does THT collect and generate?
When you visit our website’s home page and browse some areas of the website, we may collect information captured in our web logs, including the website you came from (known as the referring URL), any of our online advertisements located on third party websites that you may have clicked on to access our website, your device information, unique identification numbers (e.g. IP address and device ID), browser information, website traffic and pages viewed, and other information about how you interacted with our website.
In some cases, you must register to access portions of our website or services. When you do register, we collect information that does not personally identify you, such as those highlighted above, and Personal Data which identifies or is capable of identifying you. The categories of Personal Data we collect at this point will typically depend on whether you are registering on our website as a policyholder, service provider, employer, or broker.
As we deal primarily with businesses and incorporated entities, the type of Personal Data we collect will generally include company data (such as the name, size and location of the company you work for and your role within the company), credentials (including passwords, password hints, and similar security information used for authentication and account access), contact information (such as your name and physical address, email addresses, and telephone numbers, Account Holder’s Name (for reimbursement purpose), bank name, bank account name and any other relevant information; professional information (such as your employer name, address, job title, department or job role), data from surveys and publicly available information (such as social media posts).
When you visit our offices or attend any of our physical events, we may also collect your Personal Data for identification, events management, security and promotional purposes.
Finally, if you contact us with a question, comment, or complaint, we may collect your name and contact information (such as your email address or mailing address) in order for us to respond to your request. We may also keep a record of the correspondence in order to assist you in the future.
D. How does THT ensure that Personal Data is accurate and up-to-date?
Data subjects are primarily responsible for ensuring that all personal data submitted are accurate, complete and up-to-date. From time to time, THT may request updated data; it is important that data subjects cooperate and provide the same. THT will take reasonable measures to ensure that all personal information under its control is complete, accurate, and will offer individuals various platforms and opportunities to update their personal information and exercise any other rights that they may have under applicable information privacy laws.
Note that if you submit any Personal Data that is not your own, you represent that you have the authority to do so and to permit us to use that Data in accordance with this Privacy Notice.
E. How We Use Your Personal Data
We may use the Personal Data collected from you:
- to provide you with access to our Health Insurance Policies;
- to contact you about services that we believe may be of interest to you;
- to fulfil a specific request and provide customer support;
- to maintain and protect the security of our Online Channels;
- to monitor, prevent and detect fraud, enhance security, monitor and verify identity or access, and combat spam or other security risks.
- to improve the accuracy of our records so that we can better understand your needs and preferences;
- to meet legal requirements, including complying with court orders, valid discovery requests, valid subpoenas, and other appropriate legal mechanisms; and
- to fulfil other purposes disclosed at the time you provide Personal Data or otherwise where we are legally permitted or are required to do so.
Where we need to process your Personal Data for additional purposes that we have not identified at the time of collection, we will make sure to obtain your consent for these additional uses to the extent required by applicable law.
F. Legal Bases for Processing Personal Data
Here, we have set out the relevant bases upon which we process your Personal Data. For ease of reference we have colour-coded the processing bases as follows: “Green” means most likely to be a relevant processing basis; “Orange” means may be a relevant basis and “Red” means unlikely to be a relevant processing basis.
The primary basis for processing your Personal Data is consent. When you visit our website, you will see a clear and unambiguous display of this Privacy Notice with a link to access and review the same. Before you can use our website, you will have to click a “Yes” or an “I Agree” button.
By clicking the “Yes” or “I Agree” button, you consent to the collection and use of your Personal Data in accordance with this Privacy Notice. Note that once you provide consent, you may change your mind and withdraw the consent at any time by contacting us at firstname.lastname@example.org. However, please note that consent withdrawal will not affect the lawfulness of any processing carried out before you withdraw your consent.
ii. Performance of a Contract
We may also process your information on the basis that we need to perform and fulfill a contract with you for the provision of health and other services or to take steps at your request prior to entering a contract. So, for instance, where you need to obtain health treatment and care, we may provide your Personal Data to accredited/affiliated third parties or independent/non-affiliated third parties, whether local or foreign, as necessary for the proper execution of processes related to the provision of health treatment; and where the use or disclosure is reasonably necessary, required or authorised by or under relevant laws or contracts.
iii. Legal Obligation
We may process your Personal Data where it is necessary to respond to a lawful request from a law enforcement or regulatory authority, body or agency; in the defense of legal claims or in order to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or violations of any of our website’s terms.
iv. Vital Interests
We may process your Personal Data where it is necessary to protect an interest which is essential for your life, health, and bodily safety. For clarity sake, please note that this basis is limited in scope and will come into play in matters of life and death, for instance where we have not obtained your consent (because you are physically or legally incapable of giving it) or have any other appropriate legal basis for processing your personal data and We have to manage a situation of emergency medical care involving you. We will not rely on this basis where you expressly refuse consent (unless you are not competent to do so).
v. Public Interest
We may process your information where it is necessary for the performance of a task carried out in the public interest or in order to fulfil a public mandate imposed on us.
G. With whom may THT share Personal Data?
As a general rule, THT does not and will not share Personal Data with third parties except as necessary for the proper execution of processes related to the provision of health care, or the use or disclosure is reasonably necessary, required or authorized by or under law.
When we share your Personal Data with third parties, we require those third parties to enter into a Third-Party Data Processing Contract with us that requires them to use the Personal Data we transfer to them in a manner that is consistent with this Privacy Notice and applicable laws.
H. How does THT protect Personal Data?
THT strictly enforces its Privacy Notice. It has implemented technical, organisational and physical security measures to protect Personal Data from loss, misuse, unauthorized modification, unauthorized or accidental access or disclosure, alteration or destruction. THT uses safeguards such as the following: *Use of secured servers and firewalls, *Encryption on computing devices; *Restricted access only for qualified and authorized personnel; and *Strict implementation of information security policies.
I. Where and how long does THT keep Personal Data?
THT stores Personal Data in both local and remote facilities, such as data centre (on premises and cloud) and physical document storage facilities. Records will only be kept for such time as the individual or juristic entity has a relationship with THT or as required by law or to support a business need, following which they will be archived or securely disposed of. Related to this, we may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
J. What are the rights of data subjects under the Nigeria Data Protection Regulation?
Data subjects have the following rights: *Right to be informed; *Right to object; *Right to access; *Right to rectify or correct erroneous data; * Right to restrict, in certain circumstances, the processing of your Personal Data; *Right to have your Personal Data erased from our systems; *Right to indemnify for damages; *Right to file a complaint; *Right to make a complaint to the relevant authority; and *Right to withdraw your consent.
You may exercise any of the above rights by emailing us at email@example.com. Please note that in some cases we may not be able to comply with your request for reasons such as our own obligations to comply with other legal or regulatory requirements. We will always respond to any request you make and if we can’t comply with your request, we will inform you of the reasons why.
K. Transfer across borders
Sometimes we will process your personal information in other countries, either to carry out your instructions or for ordinary business purposes. These countries may not have the same level of protection. We will only process your personal information with your consent. If necessary, we will ask the party to whom we transfer your personal information to agree to our privacy principles, associated policies and practices.
M. Your right to lodge a complaint
You have a right to complain to the National Information Technology Development Agency (NITDA) at any time if you object to the way in which we use your personal information, but we ask that you please contact us first to see if we can provide you with an adequate remedy.
N. Who should you contact at THT in case of enquiry, feedback or complaints?
You can contact us at any time. Should you have any enquiries, feedback, and/or complaints, you may reach the Data Protection Officer (DPO) through the following contact details: Data Protection Officer, Total Health Trust Ltd, 2, Marconi Road, Palmgrove Estate, Lagos, Nigeria. Tel: (234)01- 4482105, +2348181803779. E-mail: firstname.lastname@example.org
O. Changes to our Privacy Notice
This Privacy Notice is effective from the date indicated above and will remain so until changes in its provisions are posted on this page, which will then become effective immediately.
We reserve the right to update or change our Privacy Notice at any time and you should check this page periodically. If we make any material changes to this Privacy Notice, we may notify you either through the email address you have provided us, or by placing a prominent notice on our website or other Online Channels.