1. Privacy policy
This Data Privacy and Protection Policy (the "Privacy Policy") describes your privacy rights regarding MEDICASH.CO TECH. LIMITED's ("we", "us" or "our") collection, use, storage, sharing and protection of your personal identifiers, electronic network activity information, professional information, location information and other types of information. It applies to our platform, website and all related sites, applications, services and tools ("Services") regardless of how you access or use them.
This Privacy Policy applies to all forms of systems, operations and processes within our environment that involve the collection, storage, use, transmission and disposal of Personal Information (described below). It is provided to help you understand what information we collect from you, how the information collected is used, how we protect it, and your rights to it, amongst others.
This Privacy Policy is strictly restricted to only our Services and therefore does not apply to services that are not owned or controlled by us, including third-party platforms/websites. We are committed to handling all personal data provided to us in compliance with both applicable and model data privacy and protection laws.
By accessing or using our services in any manner, you indicate to us that you have read and accepted this Privacy Policy and consent to the data practices described in this Privacy Policy.
You agree that upon granting us your consent, you have the legal capacity to give consent and you are aware of your privacy rights and your option to withdraw your consent at any given time. If you do not accept this Privacy Policy and do not meet or comply with the provisions set forth herein, then you may not use our Services.
2. TYPES OF DATA WE COLLECT:
As part of our operations, we collect and process certain types of information (such as name, telephone numbers, address etc.) of individuals that makes them easily identifiable. These individuals include current, past and prospective employees, merchants, suppliers/vendors, customers of merchants, registered users ("Users") and other individuals whom we communicate or deal with, jointly and/or severally ("Data Subject(s)").
To use our Services, you will voluntarily provide us with certain Personal Information. Personal Information refers to information relating to an identified person or information that can be used to identify you, (e.g. email address, bank details, name, telephone number). It may also include anonymous information that may be linked to you specifically, (e.g. IP address).
We use your Personal Information to:
1. Provide you with the required Services
2. Respond to your questions or requests
3. Improve features, platform and website content and analyse data to develop products and services.
4. Address inappropriate use of our Services.
5. Prevent, detect and manage risk against fraud and illegal activities using internal and third party screening tools.
6. Send you marketing content, newsletters and service updates curated by us, however, we will provide you with an option to unsubscribe if you do not want to hear from us.
7. Verify your identity and the information you provide in line with our statutory obligations using internal and third party tools.
8. Maintain up-to-date records.
9. Resolve disputes that may arise, including investigations by law enforcement or regulatory bodies.
10. Any other purpose that we disclose to you in the course of providing our Services to you.
We may retrieve additional Personal Information about you from third parties and other identification/verification services such as your financial institution and payment processor. With your consent, we may also collect additional Personal Information in other ways including emails, surveys, and other forms of communication. Once you begin using our Services through our platform, we will keep records of your transactions and collect information about your other activities related to our Services. We will not share or disclose your Personal Information with a third party without your consent except as may be required for the purpose of providing you with our Services or under applicable legislation.
In providing you with the Services, we may rely on third-party servers located in foreign jurisdictions from time to time, which as a result, may require the transfer or maintenance of your personally identifiable information on computers or servers in foreign jurisdictions. In situations where this may occur, we will endeavour to ensure that such foreign jurisdictions have data protection legislation that is no less than the existing data protection regulations in force in Nigeria and your personally identifiable information is treated in a safe and secure manner.
3. DISCLOSURE OF PERSONAL DATA
We will retain your Personal Information for as long as is needed to provide our Services to you, comply with our legal and statutory obligations or verify your information with the required verification authorities.
We are statutorily obligated to retain the Personal Information and data you provide us with in order to process transactions, ensure settlements, make refunds, identify fraud, holistically carry out our Services and in compliance with laws and regulatory guidelines applicable to us and our service partners. Therefore, even after discontinuance of our Services, we will retain certain Personal Information and transaction data to comply with these obligations. All Personal Information shall be destroyed by us where possible. For all Personal Information and records obtained, used and stored by us, we shall perform periodical reviews of the data retained to confirm the accuracy, purpose, validity and requirement to retain.
The length of storage of your Personal Information shall, amongst other things, be determined by:
1. The contract terms agreed between us and the Data Subject or as long as it is needed for the purpose for which it was obtained.
2. Whether the transaction or relationship has statutory implication or a required retention period.
3. Whether there is an express request for deletion of the Personal Information by the Data Subject, provided that such request will only be treated where the Data Subject is not under any investigation which may require us to retain such Personal Information or there is no subsisting contractual arrangement with the Data Subject that would require the processing of the Personal Information or whether we have another lawful basis for retaining that information beyond the period for which it is necessary to serve the original purpose.
Once your Personal Information is held by us, you are entitled to reach out to us to exercise the following rights:
1. Request access to your personal data (commonly known as a "data subject access request"): This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. You will not have to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may notify you of our refusal to comply with your request in these circumstances. Where we have reasonable doubts concerning the identity of the natural person making the request for information, we may request the provision of additional information necessary to confirm the identity of the Data Subject. Where data is held electronically in a structured form, such as in a Database, as the Data Subject, you have a right to receive that data in a common electronic format.
2. Right to request correction of the personal data that we hold about you: This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
3. Right to request erasure of your personal data: This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request for erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
4. Right to object to the processing of your personal data: Where we are relying on a legitimate interest (or those of a third party) there maybe something about your particular situation which could justify an objection to processing on this ground as you may feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
5. Right to request restriction of processing of your personal data: This enables you to ask us to suspend the processing of your personal data in the following scenarios:
i. If you want us to establish the data's accuracy.
ii. Where our use of the data is unlawful but you do not want us to erase it.
iii. Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
iv. You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
6. Request the transfer of your personal data to you or to a third party: We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
7. Withdraw consent at any time where we are relying on consent to process your personal data: This will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Your request will be reviewed by us and carried out except as restricted by law or our statutory obligations. You may decline to provide your Personal Information when it is requested by us, however, certain Services or all the Services may be unavailable to you. You may review and update your Personal Information directly or by contacting us on help@medicash.co
Our Services are not directed to children under 18. We do not knowingly collect information from children under 18.
If you access our Services or Platform and you are below 18 years, you represent and warrant that you have obtained consent from your parent(s) or legal guardian(s). If you have inadvertently provided personal data of a child to us, please notify us at help@medicash.co and we will delete such personal data. If as a parent or guardian, you become aware that your child or ward child has provided us with any information without your consent, please contact us through the details provided in this Privacy Policy. We will retain your Personal Information for as long as is needed to provide our Services to you, comply with our legal and statutory obligations or verify your information with the required verification authorities.
We confirm that we comply with the NDPR on data collection, transmission, usage and protection. We also, for best practices, adopt pertinent best practices per the General Data Protection Regulation (2016/679) (GDPR) to the extent that they do not conflict with Nigerian data protection regulations and laws.
We reserve the right to update, modify, change or revise this Privacy Policy from time to time. The changes will not be retroactive, and the most current version of this Privacy Policy which will always be on this page and will continue to govern our relationship with you. We advise that you check this page often, referring to the date of the last modification on the page. We will also try to notify you of any material changes which could be done via email associated with your account or service notification. By continuing to use our Services after the changes become effective, you agree to be bound by the revised Privacy Policy.
You may file a complaint in accordance with this Privacy Policy if you believe that any provision of this Privacy Policy or your privacy rights have been violated in respect of your personal information or if your access to our Services have been compromised, to enable us to take the necessary steps towards ensuring the security of your Personal Information. All complaints must be addressed to the company by sending an email to our Data Protection Officer using the following contact details: support@medicash.co
Please note that, the complaint and resolution procedure is not prejudicial to your right to complain to the data protection authorities (in this case, the National Information Technology Development Agency (NITDA)) using the following contact details:
Address: No. 28, Port Harcourt Crescent,
Off Gimbiya Street, P.M.B 564, Area 11
Garki, Abuja,
Nigeria.
Email: info@nitda.gov.ng,
We will notify you of any breach and also notify National Information Technology Development Agency (NITDA) within 72 hours of becoming aware of such breach.
You may also seek redress in a court of competent jurisdiction. We would, however, appreciate the chance to deal with your concerns before you approach the data protection authorities. Kindly contact us in the first instance by sending an email to: support@medicash.co
You may contact us if you have any questions relating to this Privacy Policy or would like to find out more about exercising your data protection rights. All questions, comments and requests regarding this Policy should be addressed to help@medicash.co
If you are in Lagos, we can also be reached at
MediCREDIT Tech. Limited.
9 Louis solomon,
Victoria island,
Lagos.