Current as of 20.8.2024

Privacy Policy

Your privacy is important to us at Huddle. We respect your privacy regarding any information we may collect from you across our website.

Introduction

EHA Clinics Limited (“the Company” or “EHA Clinics”) is a health company, with one of its products being “Huddle”. Through Huddle, the Company shall collect, use and store certain Personal Data. The Company is responsible for ensuring that it uses the Personal Data collected in compliance with relevant data protection laws such as the Nigeria Data Protection Act and the Nigeria Data Protection Regulations (“NDPR”). At EHA Clinics we value our members and respect their privacy as it relates to the use of their Personal Data. 

Whenever we ask you to provide certain information by which you can be identified when using the Huddle App or related applications, be assured that it will only be used in accordance with this privacy policy. The Company may change this policy from time to time by updating this page. You should check this page regularly to ensure that you are aware of any changes.

PLEASE READ THIS PRIVACY POLICY CAREFULLY TO UNDERSTAND HOW WE HANDLE YOUR INFORMATION. IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, PLEASE DO NOT USE THE SERVICES.

This Privacy Policy contains the following sections:

  • Purposes for How We Use Your Information
  • Online Analytics and Advertising
  • How We Share and Disclose Your Information
  • Your Marketing Choices
  • Third-Party Services and Notice About Health Information
  • How We Protect Your Information
  • Retention of Your Information
  • How We Safeguard Your Information
  • International Transfer of Personal Data
  • How Long We Keep Your Personal Data
  • Revisions to Our Privacy Policy
  • Your Rights
  • Contacting Us

The Information We Collect and the Sources of Such Information

We obtain information about you through the means discussed below when you use the Services. Please note that we need certain types of information so that we can provide the Services to you. If you do not provide us with such information, or ask us to delete it, you may no longer be able to access or use part or all of our Services.

1. Information You Provide to Us

We collect a variety of information that you provide directly to us. For example, we collect information from you through these processes but not limited to:

  • User Account creation/registration
  • Questions, communications, or feedback you submit to us via forms or email
  • Requests for customer support and technical assistance, including through online chat functionalities.This may include videos, audios, images or files you upload to our chat-based support system to help us diagnose and resolve support related issues you report.
  • Employment applications you submit

The specific types of information we collect will depend upon the Services you use, how you use them, and the information you choose to provide. The types of data we collect directly from you include:

  • Name, address, telephone number, date of birth, educational and professional information/history, work experience, email address
  • Log-in credentials, if you create an account
  • Billing information, such as shipping address, credit or debit card number, verification number, expiration date, and identity verification information (e.g., driver's license or other identifiers), collected by our payment processors on our behalf
  • Information about purchases with us
  • Information about your customer service interactions with us
  • Demographic information such as your gender, race/ethnicity, age, and similar information in connection with the Services
  • Information about others, such as if you share a family or friend's email address or contact information to allow access to your information or name them as an emergency contact
  • Any other information you choose to directly provide to us in connection with your use of the Services.

2. Information We Collect Through Automated Means

We collect certain information about your use of the Services and the devices you use to access the Services, as described in this Section. As discussed further below, we and our service providers (which are third-party companies that work on our behalf), may use a variety of technologies, including cookies, SDKs, and similar tools, to assist in collecting this information. Our Websites . When you use our Websites, we collect and analyze information such as your IP address, browser types, browser language, operating system, the state or country from which you accessed the Services, software and hardware attributes (including device IDs) referring and exit pages and URLs, platform type, the number of clicks, files you download, domain names, landing pages, pages viewed and the order of those pages, the amount of time spent on particular pages, the terms you use in searches on our sites, the date and time you used the Services, error logs, and other similar information.

Our Apps. When you use our Apps, we automatically receive certain information about the mobile phone, tablet, or computer used to access the Apps, including a mobile device identifier, advertising identifiers (in accordance with your device settings), IP address, operating system, version, Internet service provider, browser type, domain name, and other similar information, whether and when you update the Apps, date and time of use, and how you use the Apps, including time spent in different portions of the application. Location Information . When you use the Services, we and our service providers may automatically collect general location information (e.g., IP address, city/state, and or postal code associated with an IP address) from your computer or mobile device. This information allows us to access content that varies based on a user's general location (e.g., to provide you with accurate sales tax information and to deliver content customized to your location).

Our Use of Cookies and Similar Online Tools . To collect the information discussed in this Section, we and our service providers use web server logs, cookies, tags, SDKs, tracking pixels, and other similar tracking technologies. We use these technologies to offer you a more tailored experience.

  • A web server log is a file where website activity is stored.
  • An SDK is a set of tools and/or code we embed in our Apps and software to allow third parties to collect information about how users interact with the Services.
  • A cookie is a small text file that is placed on your computer or mobile device when you visit a site, that enables us to: (i) recognize your computer/device; (ii) store your preferences and settings; (iii) understand the parts of the Services you have visited and used; (iv), enhance your user experience by delivering and measuring the effectiveness of content and advertising tailored to your interests; (v) perform searches and analytics; and (vi) assist with security and administrative functions.
  • Employment applications you submit

As we adopt additional technologies, we may also gather information through other methods.

Please note that you can change your settings to notify you when a cookie is being set or updated, or to block cookies altogether. Please consult the “Help” section of your browser for more information (e.g., Internet Explorer ; Google Chrome ; Mozilla Firefox ; or Apple Safari ). Please note that by blocking, disabling, or managing any or all cookies, you may not have access to certain features or offerings of the Services.

3. Information We Collect From Social Media and Other Content Platforms

When you “like” or “follow” us on Facebook, Instagram, Twitter, or other social media sites, we may collect some information from you including your name, email address, and any comments or content you post relevant to us. We also collect your information if you sign up for one of our promotions or submit information to us through social media sites.

If you access the Services through a third-party connection or log-in (e.g., through a social network or third-party authentication tool), you may allow us to have access to and store certain information from such third parties depending on your settings on such services. If you do not wish to have this information shared, do not use these connections to access the Services. For a description of how these third parties handle your information, please refer to their privacy policies and terms of use, which may permit you to modify your privacy settings.

Similarly, if you choose to connect your App to third-party platforms or tools, or with other apps on your device (e.g., your contacts, photos, or calendar), such third parties and tools may allow us to have access to and store additional information as it relates to your use of the Services (e.g., access your calendar to help you schedule an appointment). If you do not wish to have this information shared, do not initiate these connections.

4. Information We Receive From Other Sources

We work closely with third parties (including, for example, government agencies, such as the National Identity management commission, Medical & Dental Council of Nigeria, Nursing and Midwifery Council of Nigeria etc with whom we partner to provide you with the Services, analytics providers, licenced learning portals, payment providers, and other chat applications). Such third parties will sometimes provide us with additional information about you.

Purposes for How We Use Your Information

In connection with providing, you with the Services, we may use your information for our business purposes to:

  • To allow you to use and access the functionality provided by the Huddle App.
  • Engage in internal research to understand the effectiveness of our Services, improve our Services, and better understand our user base. If we publish or provide the results of this research to others, such research will be presented in a de-identified and aggregate form such that individual users cannot be identified.
  • Communicate with you about the Services, your use of the Services, or your inquiries related to the Services.
  • Communicate with you by email, or phone about surveys, promotions, special events or our products and Services.
  • Provide you with technical support and customer service, and troubleshoot any technical issues or errors.
  • Verify your identity and administer your account, including processing your payments and fulfilling your orders.
  • Ensure that content from our Services is presented in the most effective manner for you and for your computer or device, allow you to participate in interactive features of our Services (when you choose to do so), and as part of our efforts to keep our Services safe and secure.
  • Provide you with more relevant advertisements and personalized content, and measure or understand the effectiveness of advertising and content we serve to you and others, and to deliver and customize relevant advertising and content to you.
  • Help us better understand your interests and needs, such as by engaging in analysis and research regarding the use of the Services.
  • Comply in good faith with any procedures, laws, and regulations which apply to us where it is necessary for our legitimate interests or the legitimate interests of others.
  • Establish, exercise, or defend our legal rights where it is necessary for our legitimate interests or the legitimate interests of others, such as protecting against malicious, fraudulent, or illegal activity.
  • Carry out services for third party government partners

Combined Information. For the purposes discussed in this Privacy Policy, we may combine the information that we collect through the Services with information that we receive from other sources, both online and offline, and use and share such combined information in accordance with this Privacy Policy.

Aggregate/De-Identified Data. We may aggregate and/or de-identify any information collected through the Services so that such information can no longer be linked to you or your device (“Aggregate/De-Identified Information”). We may use Aggregate/De-Identified Information for any purpose, including for research and marketing purposes, and may also share such data with any third parties, including government agencies.

How We Handle Media (Files, Images, Videos, Audios) You Share On Our App

In dealing with support-related issues you report using our chat-based support system, you may optionally provide media such as audios, videos, images or files to help us better understand, diagnose and resolve your issue. The files you share with us are stored on secure servers and not on your device. They are used strictly for resolving issues you report and are disposed securely after your issue is resolved.

How We Share and Disclose Your Information

We may share your information for our business purposes in the following ways:

  • To allow you to use and access the functionality provided by the Huddle App.
  • Government Healthcare Agencies / Parastatals . We share your information with Government Agencies or Public Healthcare Sector.
  • Service Providers. We provide access to or share your information with select third parties who use the information to perform services on our behalf. They provide a variety of services to us, including billing, sales, marketing, advertising, analytics, research, customer service, shipping and fulfillment, data storage, IT and security, fraud prevention, payment processing, and auditing and legal services. These entities may also include health care organizations, pharmacies, and other third parties we use to support our business or in connection with the administration and support of the Services.
  • Protection of EHA Clinics. By using the Services, you acknowledge and agree that we may access, retain and disclose the information we collect and maintain about you if required to do so by law or in a good faith belief that such access, retention or disclosure is reasonably necessary to: (a) comply with legal process (e.g. a subpoena or court order); (b) enforce our Terms of Use, this Privacy Policy, or other contracts with you, including investigation of potential violations thereof; (c) respond to claims that any content violates the rights of third parties; (d) respond to your requests for customer service; and/or (e) protect the rights, property or personal safety of EHA Clinics, its agents and affiliates, its users and/or the public. This includes exchanging information with other companies and organizations for fraud protection, spam/malware prevention, and similar purposes.
  • Business Transfers. As we continue to develop our business, we may buy, merge, or partner with other companies. In such transactions, (including in contemplation of such transactions) user information may be among the transferred assets. If a portion or all of our assets are sold or transferred to a third-party, customer information (including your email address) would likely be one of the transferred business assets. If such transfer is subject to additional mandatory restrictions under applicable laws, we will comply with such restrictions.
  • Consent. We may also disclose your information in other ways you direct us to and when we have your consent.
  • Ensure that content from our Services is presented in the most effective manner for you and for your computer or device, allow you to participate in interactive features of our Services (when you choose to do so), and as part of our efforts to keep our Services safe and secure.
  • Aggregate/De-Identified Information. We reserve the right to create Aggregate/De-Identified Data from the information we collect through the Services and our sharing of such Aggregate/De-Identified Data is at our discretion.

Your Marketing Choices

You may instruct us not to use your contact information to contact you by email, postal mail, or phone regarding products, services, promotions, and special events that might appeal to your interests by contacting us using the information below. In commercial email messages, you can also opt-out by following the instructions located at the bottom of such emails. Please note that, regardless of your request, we may still use and share certain information as permitted by this Privacy Policy or as required by applicable law. For example, you may not opt-out of certain operational emails, such as those reflecting our relationship or transactions with you.

Third-Party Services and Notice About Health Information

We may share your Personal Data and Sensitive Personal Data within the EHA Clinics Group for the purposes described above. We may also share your Personal Data outside of EHA Clinics Group for the following purposes:

  • with third party agents and contractors for the purposes of providing services to us (for example, EHA Clinics accountants, professional advisors, IT and communications providers). These third parties will be subject to appropriate data protection obligations and they will only use your Personal Data as described in this Privacy Policy; and
  • To the extent required by law, for example if we are under a duty to disclose your Personal Data in order to comply with any legal obligation (including, without limitation, in order to comply with disclosures to regulators), or to establish, exercise or defend its legal rights.

We may also disclose anonymised and aggregated Sensitive Personal Data about our members to third parties such as partners, sponsors and journalists to campaign for better diversity and inclusion.

This Privacy Policy does not address, and we are not responsible for, the privacy, information, or other practices, including data privacy and security process and standards of any third parties, including physicians and other health care providers using the Services, the manufacturer of your mobile device and other IT hardware and software, and any other third-party mobile application, website, or service to which our Services may contain a link. These third parties may at times gather information from or about you. We have no control over the privacy practices of these third parties. The collection, use, and disclosure of your information will be subject to the privacy policies of the third-party websites or services, and not this Privacy Policy. We urge you to read the privacy and security policies of these third parties.

How We Protect Your Information

EHA Clinics takes a variety of technical and organizational security measures to protect your information against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure, or access. However, no method of transmission over the Internet, and no means of electronic or physical storage, is absolutely secure. As such, you acknowledge and accept that we cannot guarantee the security of your information transmitted to, through, or on our Services or via the Internet and that any such transmission is at your own risk. Where we have given you (or where you have chosen) a password that enables you to access the Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. The information you share in public areas may be viewed by any user of the Services.

How We Store and Transmit Your Information

Your personal health information such as illnesses, allergies, diagnoses, prescriptions and medications are stored on secure servers. We do not store this sensitive information on your mobile device. We securely encrypt all transmitted data between the app and our secure servers. All personal medical information collected from you is handled using strict security procedures to prevent unauthorized access. We do not store your payment information (credit or debit card details) as all payment is processed through a third payment gateway having the highest levels of security (PCI DSS 3.2 Compliant Level 1 Service Provider). This technology ensures that all payments on the app are securely encrypted to prevent fraud.

Retention of Your Information

We keep your information for no longer than necessary for the purposes for which it is processed. The length of time for which we retain information depends on the purposes for which we collected and used it and/or as required to comply with applicable laws.

International Transfers of Personal Data

EHA Clinics has a global vision, and as a result we may collect and transfer Personal Data on an international basis. That means that we may transfer your Personal Data to locations outside of Nigeria.

Where we transfer your Personal Data to another country outside Nigeria, we will ensure that it is protected and transferred in a manner consistent with legal requirements. In relation to data being transferred outside of Nigeria. In the event of transmission of your Personal Date out of Nigeria, we shall ensure that the transferee is governed by the relevant Data Protection Laws.

How we Safeguard your Information

We have extensive controls in place to maintain the security of our information and information systems. Your files are protected with safeguards according to the sensitivity of the relevant information. Appropriate controls (such as restricted access) are placed on our computer systems. Physical access to areas where Personal Data is gathered, processed or stored is limited to authorised employees.

As a condition of employment (and volunteering) EHA Clinics employees (and volunteers) are required to follow all applicable laws and regulations, including in relation to data protection laws. To the extent that sensitive Personal Data is processed by us, access to it is limited to those employees (and volunteers) who need it to perform their roles. Unauthorised use or disclosure of confidential client information by an EHA Clinics employee (or volunteer) is prohibited and may result in disciplinary measures.

When you contact a EHA Clinics employee (or volunteer) about your file, you may be asked for some Personal Data. This type of safeguard is designed to ensure that only you, or someone authorised by you, has access to your file.

How Long we Keep your Personal Data

How long we will hold your Personal Data for will vary and will be determined by the following criteria:

  • the purpose for which we are using it – EHA Clinics will need to keep the data for as long as is necessary for that purpose; and
  • legal obligations – laws or regulation may set a minimum period for which we have to keep your Personal Data.

Revisions to Our Privacy Policy

We reserve the right to change this Privacy Policy at any time to reflect changes in the law, our data collection, and use practices, the features of our Services, or advances in technology. We will make the revised Privacy Policy accessible through the Services, so you should review it periodically. The date this Privacy Policy was last revised is identified at the top of the document. You are responsible for periodically monitoring and reviewing any updates to the Privacy Policy. If we make a material change to the Privacy Policy, we will provide you with appropriate notice in accordance with legal requirements. Your continued use of our Websites or Apps after such amendments (and notice, where applicable) will be deemed your acknowledgment of these changes to this Privacy Policy.

Your Rights

In all the above cases in which we collect, use or store your Personal Data, you may have the following rights and, in most cases, you can exercise them free of charge. These rights include:

  • the right to obtain information regarding the processing of your Personal Data and access to the Personal Data which we hold about you;
  • the right to withdraw your consent to the processing of your Personal Data at any time. Please note, however, that we may still be entitled to process your Personal Data if we have another legitimate reason for doing so. For example, we may need to retain Personal Data to comply with a legal obligation. Withdrawing your consent may also mean ceasing to be a User of our Services;
  • in some circumstances, the right to receive some Personal Data in a structured, commonly used and machine-readable format and/or request that we transmit that data to a third party where this is technically feasible. Please note that this right only applies to Personal Data which you have provided directly to EHA Clinics;
  • the right to request that we rectify your Personal Data if it is inaccurate or incomplete;
  • the right to request that we erase your Personal Data in certain circumstances. Please note that there may be circumstances where you ask us to erase your Personal Data but we are legally entitled to retain it. Erasing your Personal Data may also mean ceasing to be a User of our Services;
  • the right to object to, or request that we restrict, our processing of your Personal Data in certain circumstances. Again, there may be circumstances where you object to, or ask us to restrict, our processing of your Personal Data but we are legally entitled to refuse that request; and
  • he right to lodge a complaint with the relevant data protection regulator if you think that any of your rights have been infringed by us.

You can exercise your rights by contacting us using the details listed below.

Contacting Us

If you have any questions about this Privacy Policy or EHA Clinics’ privacy practices, please contact us at:

EHA Clinics Limited 4-6 Independence Road Kano info@huddle.ng