Privacy Policy

Privacy & Cookies Policy
Last updated: May 25th, 2021

Personal Information Privacy Policy

Marigold Hospital and Critical Care Centre Limited (MHCCCL or the “Hospital”) is dedicated to protecting the confidentiality and privacy of information entrusted to us by staff, patients, customers and all stakeholders. Our Data Protection and Privacy Policy indicates that we are dedicated to and responsible for processing the information of our customers, staff and other stakeholders with absolute caution and confidentiality. This policy describes how we collect, use, store, handle and secure personal information (sometimes referred to as “Personal Information”, “Personally Identifiable Information” or “PII) fairly, transparently, and with confidentiality.

This privacy policy sets out our current policies and demonstrates our commitment to privacy. MHCCCL provides world class and affordable patient centered healthcare solutions through its online/digital platforms and office located 12/14 Adeniyi Street, Surulere, Lagos State, Nigeria. Our personal data protection principles are applied based on this Privacy Notice at all relevant location where hosting and processing takes place.

Our intent is to collect only the personal information that is provided voluntarily by our patients, customers or online visitors so that we can offer information and/or services to those for specific and legitimate purposes. Please review this Privacy Notice to learn more about how we collect, use, share and protect the personal information that we obtain. Our Privacy Notice may change at any time but it will be updated on our website. It is accepted that your continued use of our online platforms will mean that you agree to the changes.

Data Protection Policy

The MHCCCL’s Information Protection Policy (IPP) applies to personal information processed by the Hospital as a data controller and as described in this policy. The policy explains what information we collect about our customers, how we use that information, who we share it with, the circumstances under which we may share it and what steps are taken to make sure it stays private and secure. The policy also clearly outlines the right of customers in respect of information collected in the course of business.

This Privacy Policy stipulates the Hospital’s approach to handling collected customer data and rights with regards to our collection, use, storage and sharing of the personal data which may be collected by the Hospital in the course of providing you with exceptional healthcare services, collectively referred to herein as MHCCCL’s “services”, across all our delivery channels to meet customer’s needs.

It is important to know that the policy continues to apply even if the customer agreement for our services with MHCCCL ends and it covers any service which customers have with MHCCCL e.g. consultancy, surgery, health assessment, pediatrics, dialysis, endoscopy, physiotherapy and rehabilitation services, among others.

Collection and Use of Personal Information

2.1. What we collect

We obtain personal information about you if you choose to provide it —for example, to fulfill your request and to provide the requested and / or agreed services. In some cases, you may have previously provided your personal information to MHCCCL (if, for example, you are a former customer or have had an established agreement or contract with MHCCCL). By submitting personal information to MHCCCL, you are also acknowledging that MHCCCL may use this information in accordance with this Privacy Policy.

Your personal information is not used for purposes other than those listed in this document, unless we obtain your permission, or unless otherwise required by law. In general we collect and generate the following information:

Individual personal information (e.g. name, previous names, blood group, health status, genotype, date and place of birth, etc.).
Individual personal contact details (e.g. address, email address, landline, fax and/or mobile numbers).
Identity information (e.g. photo ID, passport, utility bill, national ID card and/or nationality).
User authentication login and subscription data (e.g. login credentials for online rending of our Hospital services).
Financial information.
Information about the ways you interact with MHCCCL (e.g. channels used, geographic information, software used and information concerning your complaints).
Any information received from external authoritative registers required for compliance purposes.
Information captured in customer documentation or data exchange such as application forms or advice documents or via telephone (e.g. records of advice).
Marketing and promotional information (e.g. details of the services we offer and your preferences).
Cookies and similar technologies used to remember your preferences and tailor content.
Data or records of correspondence related to relevant exchanges of information (e.g. emails).
Information to fulfill regulatory obligations (e.g. transaction details, user activity).
Information from other entities (e.g. relevant transaction information).
Information from third parties providing information to identify and manage fraud.
Closed circuit television (CCTV) in and around MHCCCL facilities (these may collect photos or videos of you).
Other information about you that is voluntarily provided by filling in online forms or by communicating with us, whether face-to-face or via other available channels (e.g. by phone, email, online).

2.2 Why we collect it and the Legal Grounds

MHCCCL generally collects only the personal information necessary to fulfill your request and to provide the requested and/or agreed services. Where additional, optional information is sought, you will be notified of this at the point of collection. The applicable law allows us to process personal information, so long as we have a ground under the law to do so. It also requires us to tell you what those grounds are. As a result, when we process your personal information, we will rely on one of the following processing conditions:

Performance of a contract: This is when the processing of your personal information is necessary in order to perform our obligations under a contract but also to be able to complete our acceptance procedure so as to enter into a contract;
Legal obligation or for public interest: This is when we are required to process your personal information in order to comply with a legal obligation, such as keeping records for complying with any tax obligations, regulatory purposes, or providing information to a public body or law enforcement organization;

Legitimate interests: where necessary, we may process information about you where there is a legitimate interest for us or a third party with respect to your health interests, except where such interests are overridden by your interests, fundamental rights and freedoms; or you expressly deny.

Consent: We may occasionally ask you for specific permission to process some of your personal information for some or more specific purposes such as research and studies, and we will only process your personal information in this way if you so agree.
1. What constitutes consent? Your consent is given when you consume our services, navigate our website, tick our online forms or boxes, subscribe to our email alerts, and attend our online/offline events and other events, or when you voluntarily submit your personal data to us.
2. How do you withdraw your consent? You may withdraw your consent at any time by unsubscribing to our email alerts or other digital platforms or by contacting the MHCCCL Data Protection Officer (DPO) via IT@marigoldhospital.ng

In general we process, transfer and disclose your information to:

Provide you with our healthcare services (including via online platforms).
Verify your identity (e.g. for authentication purposes).
Deal with your transactions or carry out instructions.
Perform data analytics and understand your preferences and how you use the provided services.
Keep record keeping and accountability.
Meet compliance and legal obligations such as to comply with the extant Data regulatory framework.
Manage our relationship with you (including any activities you agree to).
Obtain reports of an online problem (e.g. with the MHCCCL site).
Enforce or defend the rights of a member, staff or customer of MHCCCL.
For internal operational support and administrative purposes (e.g development of our service, audit and risk management).
Ensure security and Organizational continuity.
For service quality management and service improvement.
Correspond with third parties (e.g. vendors, HMO, regulators and intermediaries).
To facilitate dissemination of information about our association and events.
For the purpose of registration and participation at our online and offline events.
To respond to and build on any feedback you send us.

2.3 Retention of Information

We will only retain your personal data for the duration of 20 years for the purposes set out in this policy or our contract with you; and will only be destroyed before this expiration period when you exercise your right to request deletion of personal data, or otherwise required by law.

After expiration of any of the aforementioned periods as applicable, your personal data will be irreversibly destroyed. This allows us to comply with legal and regulatory requirements or fulfill our legitimate purposes. If we do not need to retain information for a period of time, we may destroy, delete or anonymize it more promptly. Any personal data held by us will be kept by us until such time that you notify us that you no longer wish to receive this information.

2.4 Storage of Information

The data that we collect from you will not be transferred to, and stored at, a destination outside Nigeria. By submitting your data, you agree to this transfer, storing and/or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy. We maintain security standards and procedures with a view to preventing unauthorized access to data by anyone, including our staff. We use technologies (e.g. data encryption, firewalls) to protect the security of data in transit and data at rest by following a risk based approach. All MHCCCL staff, vendors and other similar third parties are required to observe our privacy standards and to allow us audit them for compliance.

2.5 Sharing Information

We do not share personal information with unaffiliated third parties, except if necessary for our legitimate professional and business needs, to carry out your requests, and/or as required or permitted by law. These include:

Service providers: MHCCCL works with reputable partners and service providers so they can process your personal information on our behalf where required. MHCCCL will only transfer personal information to them when they meet our standards set in our third party information security policy on the processing of data and security. We only share personal information that allows them to provide their services.
Courts, law enforcement or regulatory bodies: MHCCCL may disclose personal information in order to respond to requests of courts, government or law enforcement entities or where it is necessary to comply with applicable laws, court orders or rules, or government regulations.

Audits: Disclosures of personal information may also be needed for data privacy or security audits and/or to investigate or respond to a complaint or security threat.

In addition, MHCCCL may transfer certain personal information to external entities working with us or on our behalf for the purposes described in this Privacy Policy (e.g. in order to provide you with products or services you requested, or due to public or legal duty to do so). MHCCCL will not transfer the personal information you provide to any third parties for their own direct marketing use.

As such information may be transferred and disclosed to authorities, law enforcement, government, persons acting on your behalf, payment recipients, beneficiaries, intermediaries, other financial institutions, lenders and holders of security over any property relevant to MHCCCL, payment service providers, technology providers, support service providers, etc. We may also share aggregated or anonymized information with partners such as research groups, universities or advertisers.

2.6 Automated Decisions and Profiling

We do not use automated systems to make automated suggestions or decisions, including profiling, based on personal information we have, or that are allowed to collect from other authorized sources, about you. All personal data we collect have human involvement.

2.7. Further Processing

We sometimes process personal data for purposes other than those for which the personal data were initially collected where the processing is compatible with the purposes for which the personal data were initially collected. In order to ascertain whether the processing for another purpose is compatible with the purpose for which the personal data were initially collected:

Any link between the original and proposed new purposes.
The context in which data have been collected (in particular the relationship between us and your reasonable expectations).
The nature of the data (particularly whether they are sensitive data or criminal offence data).
The possible consequences of the proposed processing.
The existence of safeguards (including encryption). Where the data subject has given consent or the processing is based on the law we are allowed to further process the personal data irrespective of the compatibility of the purposes. Where we intend to process the personal data for a purpose other than that for which they were collected, we will provide you, prior to that further processing, with information on that other purpose and other necessary information.

3.0 Automatic Collection Cookies & IP Addresses

3.1 Use of Cookies and Location Based Tools

In some instances, MHCCCL and its service providers use cookies and other technologies to automatically collect certain types of information when you visit MHCCCL online platforms, as well as through email exchange. The collection of this information allows MHCCCL to customize your online experience, improve the performance and security, usability and effectiveness of MHCCCL’s online presence, and to monitor our overall activities. We may collect information about your computer or mobile device, including where available operating system and browser type, for system administration or for our own commercial purposes.

Cookies may be placed on your computer or internet-enabled device whenever you visit MHCCCL online. This allows the site to remember your computer or device and serves a number of purposes.

Your selection will be saved in a cookie and is valid for a short period (e.g. 90 days). If you wish to revoke your selection, you may do so by clearing your browser’s cookies. Although most browsers automatically accept cookies, you can choose whether or not to accept cookies via your browser’s settings (often found in your browser’s Tools or Preferences menu). You may also delete cookies from your device at any time. However, please be aware that if you do not accept cookies, you may not be able to fully experience some of our web sites’ features.

Cookies by themselves do not tell us your email address or otherwise identify you personally. In our analytical reports, we may obtain other identifiers, but this is for the purpose of identifying the number of unique visitors to our web sites and geographic origin of visitor trends, and not to identify individual visitors. MHCCCL may also collect and use the geographical location of your computer or mobile device. This location data is collected for the purpose of providing you with information regarding services which we believe may be of interest to you based on your geographic location, and to improve our location-based products and services.

By navigating on our web sites and accepting cookies or entering your login details to access areas reserved for registered users, you agree that we can place these cookies on your computer or internet enabled device.

3.2 IP Addresses

An IP address is a number assigned to your computer whenever you access the internet. It allows computers and servers to recognize and communicate with one another. IP addresses from which visitors appear to originate may be recorded for IT security and system diagnostic purposes. This information may also be used in aggregate form to conduct web site trend and performance analysis.

4.0 Your Rights

4.1 Data Subject Rights

MHCCCL may ask for your permission for certain uses of your personal information, and you can agree to or decline those uses. If you opt-in for particular services or communications, such as an e-newsletter you will be able to unsubscribe at any time by following the instructions included in each communication. If you decide to unsubscribe from a service or communication, we will try to remove your information promptly, although we may require additional information before we can process your request.

In general if you have submitted personal information to MHCCCL, you have the following rights:

The right to access information about you and to obtain information about how it is processed.
The right to request that your information is corrected if it is inaccurate or incomplete.

The right to request that your information is erased (depending on the circumstances and agreements in place).

We may continue to retain your information if another legitimate reason for doing so exists. You have the right to have you personal data erased if:
- The personal data is no longer necessary for the purpose which it was originally collected or processed for.
- MHCCCL is relying on consent as the lawful basis for holding the data, and you withdraw your consent.
- MHCCCL is relying on legitimate interests as the basis for processing, you object to the processing of your data, and there is no overriding legitimate interest to continue this processing.
- MHCCCL has processed the personal data unlawfully (i.e. in breach of the lawfulness requirement).
- It has to be done to comply with a legal obligation.
The right to request that we restrict our processing of your information if the information provided to MHCCCL are not accurate, the processing is unlawful and your request for erasure is opposed or when we no longer need your data for the purpose of processing but they are required by you for the establishment, exercise or defence of legal claims.
The right to withdraw your consent to our processing of your information (depending on the circumstances and agreements in place). We may continue to process your information if another legitimate reason for doing so exists.

The right to receive certain information you have provided to us in an electronic format and / or request that it is transmitted to a third party. This applies when:
The lawful basis for processing this information is consent or for the performance of a contract.
The right to ask us not to process your personal data for marketing purposes. Prior to collecting data, we will usually inform you if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data.

The right to lodge a complaint with the Data Protection Regulatory Authority, for example the National Information Technology Development Authority (NITDA) if you think that MHCCCL has not processed your personal data in accordance with data protection legislation.

You can exercise your rights by contacting us using the details set out in the “Questions and Enforcement” section. We will make all reasonable and practical efforts to comply with your request, if it is consistent with applicable laws and regulations. In such a case every effort to comply within one month shall be made or to inform you of refusal and the basis of this, or of an extension to the period to comply.

5.0 Other Relevant Information

5.1 Data Security

MHCCCL has security policies and procedures in place to protect personal information from unauthorized loss, misuse, alteration, or destruction. Despite MHCCCL’s best efforts, however, security cannot be absolutely guaranteed against all threats. To the best of our ability, access to your personal information is limited to those who have a need to know and they are required to maintain the confidentiality of such information. A series of technology and Cyber Security platforms and solutions are utilized to protect data within the MHCCCL environment including, but not limited to perimeter security mechanisms, end point security mechanisms, encryption, etc.

5.2 Your Responsibilities

You are responsible for ensuring that the information provided to MHCCCL on your behalf is accurate and up to date, and you must inform us if anything changes as soon as possible. If you provide information for another person on your account, you must direct them to this notice and ensure they also agree to us using their information.

5.3 Questions and Enforcement

MHCCCL is committed to protecting the online privacy of your personal information. If you have questions or comments about our administration of your personal information, please contact us at IT@marigoldhospital.ng, or visit our office. You may also use this contact information to communicate any concerns you may have regarding compliance with our Privacy Policy.

If you are not satisfied with the response you receive, you may escalate your concern to the Data Protection Commissioner by visiting their website at www.nitda.gov.ng or email – info@nitda.gov.ng but this is without prejudice to your right to file an action in a court of law. The time frame for remedies may be determined by a court of competent jurisdiction or the regulator.

5.4 Children’s Privacy

Please note that our services apply to children irrespective of age. We knowingly collect personally identifiable information from Children under the age of 18, under the strict supervision and consent of the child’s parent, guardian or legal custodian.

5.4 Links to Other Websites

If you visit another website other than marigoldhospital.ng, read the privacy policy on that website to find out what it does with your information.

5.5 Governing Principles of our Data Processing

We guarantee that your personal data shall be:

collected and processed in accordance with specific, legitimate and lawful purpose consented to by you; provided that: a further processing may be done only for archiving, research or statistical purposes for public interest;
restricted to you and shall not be transferred to any person or entity except as required by law;
it is adequate, accurate and without prejudice to the dignity of human person;
Stored only for the period within which it is reasonably needed, and;
Secured against all foreseeable hazards/breaches such as theft, cyberattack, etc.

This Privacy Policy may be updated from time to time and the most recent version (last updated on May 25, 2021) can be found at https://marigoldhospital.ng/privacy-policy/

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.