Privacy Policy

Last Updated: [Date of Last Update]

Welcome to TelehealthAfrica ("we," "us," or "our"). We are committed to protecting your privacy and handling your personal and health information with care and respect. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services (collectively, the "Services"), which facilitate interactions between Patients, Doctors, Pharmacies, Laboratories, Health Centers, Medical Suppliers, and other healthcare ecosystem participants.

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access or use our Services.

1. Information We Collect

We may collect information about you in a variety of ways. The information we may collect via the Services depends on the nature of your interaction with us and includes:

A. Personal Data

Personally identifiable information, such as your name, shipping address, email address, telephone number, demographic information (such as your age, gender, hometown, and interests), professional credentials (for healthcare providers/entities), and other information you voluntarily give to us when you register with the Services or when you choose to participate in various activities related to the Services, such as online chat, video consultations, message boards, ordering products, or requesting services.

  • For Patients: Name, date of birth, gender, contact details, medical history, symptoms, consultation records, prescriptions, lab results, insurance information (if applicable), payment information.
  • For Doctors & Other Healthcare Professionals: Name, professional credentials (license number, specialization, certifications), practice information, contact details, consultation availability, consultation records, prescribing information, banking information for payments.
  • For Pharmacies & Labs: Business name, registration/license details, contact information, address, prescription fulfillment records, lab test ordering and result records, inventory data (for suppliers), banking information.
  • For Health Centers & Suppliers: Business name, contact information, address, types of services/products offered, order history, inventory data, banking information.

B. Health Information (Protected Health Information - PHI)

Sensitive health information is collected when you use our services, particularly for patients and during interactions with healthcare providers. This includes medical history, current health conditions, treatment plans, medications, allergies, mental health information, diagnostic images, lab results, and notes from consultations. We treat PHI with the highest level of confidentiality and in accordance with applicable healthcare privacy laws.

C. Derivative Data

Information our servers automatically collect when you access the Services, such as your IP address, your browser type, your operating system, your access times, and the pages you have viewed directly before and after accessing the Services. If you are using our mobile application, this information may also include your device name and type, your operating system, your phone number, your country, your likes and replies to a post, and other interactions with the application and other users via server log files, as well as any other information you choose to provide.

D. Financial Data

Financial information, such as data related to your payment method (e.g., valid credit card number, card brand, expiration date) that we may collect when you purchase, order, return, exchange, or request information about our services from the Services. We store only very limited, if any, financial information that we collect. Otherwise, all financial information is stored by our payment processor, [Name of Payment Processor(s)], and you are encouraged to review their privacy policy and contact them directly for responses to your questions.

E. Data From Third Parties

Information from third parties, such as personal information or network friends, if you connect your account to the third party and grant the Services permission to access this information. This may include data from integrated Electronic Health Record (EHR) systems, partner laboratories, or pharmacies with your consent.

2. How We Use Your Information

Having accurate information about you permits us to provide you with a smooth, efficient, and customized experience. Specifically, we may use information collected about you via the Services to:

  • Create and manage your account.
  • Facilitate healthcare consultations (video, audio, chat) between patients and providers.
  • Process prescriptions and coordinate with pharmacies.
  • Facilitate laboratory test ordering and delivery of results.
  • Enable communication and data sharing between different authorized healthcare ecosystem participants (e.g., doctor sharing a prescription with a pharmacy, lab results to a doctor and patient).
  • Process payments and refunds.
  • Deliver targeted advertising, coupons, newsletters, and other information regarding promotions and the Services to you (with your consent where required).
  • Email you regarding your account or order.
  • Fulfill and manage purchases, orders, payments, and other transactions related to the Services.
  • Improve the efficiency and operation of the Services.
  • Monitor and analyze usage and trends to improve your experience with the Services.
  • Notify you of updates to the Services.
  • Offer new products, services, mobile applications, and/or recommendations to you.
  • Perform other business activities as needed.
  • Prevent fraudulent transactions, monitor against theft, and protect against criminal activity.
  • Request feedback and contact you about your use of the Services.
  • Resolve disputes and troubleshoot problems.
  • Respond to product and customer service requests.
  • Send you a newsletter or other promotional communications (with opt-out options).
  • Compile anonymous statistical data and analysis for use internally or with third parties (for research, public health purposes, platform improvement, always ensuring data is de-identified where appropriate or required).
  • Comply with legal and regulatory requirements applicable in the jurisdictions we operate.
  • [Add any other specific uses relevant to your platform]

3. Disclosure of Your Information

We may share information we have collected about you in certain situations. Your information may be disclosed as follows:

A. By Law or to Protect Rights

If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by any applicable law, rule, or regulation. This includes exchanging information with other entities for fraud protection and credit risk reduction.

B. To Facilitate Healthcare Services

Your personal and health information will be shared among relevant parties to provide the healthcare services you request or are a part of. This includes, but is not limited to:

  • Patients sharing information with Doctors during consultations.
  • Doctors sharing prescriptions with a Patient's chosen Pharmacy.
  • Doctors or Patients authorizing Lab tests and Labs sharing results back.
  • Information shared with Health Centers if a Patient is referred or seeks services there via our platform.
  • Order information shared with Medical Suppliers.

Access to specific data is role-based and limited to what is necessary for each participant to perform their function within the healthcare service delivery.

C. Third-Party Service Providers

We may share your information with third parties that perform services for us or on our behalf, including payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance. These providers are contractually obligated to protect your information.

Examples: [List types of providers, e.g., Cloud hosting (AWS, Azure, Google Cloud), Payment Gateway (Stripe, Paystack), Email Marketing Service, Analytics Provider].

D. Marketing Communications

With your consent, or with an opportunity for you to withdraw consent, we may share your information with third parties for marketing purposes, as permitted by law. You can opt-out of this at any time.

E. Business Transfers

We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.

F. Affiliates

We may share your information with our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include our parent company and any subsidiaries, joint venture partners or other companies that we control or that are under common control with us.

G. De-identified or Aggregated Data

We may share de-identified or aggregated information that does not directly identify you for research, public health reporting, statistical analysis, or to improve our Services.

H. Other Disclosures [Specify if any]

[Detail any other specific scenarios where data might be shared, e.g., with specific research partners with explicit consent.]

4. Data Security

We use administrative, technical, and physical security measures to help protect your personal information. While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse. Any information disclosed online is vulnerable to interception and misuse by unauthorized parties. Therefore, we cannot guarantee complete security if you provide personal information.

Measures include: [Briefly mention types: e.g., encryption, access controls, regular security audits, staff training on data privacy].

5. Data Retention

We will retain your personal information and health information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, to provide our Services, to comply with our legal obligations (e.g., medical record retention laws), resolve disputes, and enforce our agreements. Retention periods will vary depending on the type of information and the applicable legal or regulatory requirements.

[You may want to specify typical retention periods or criteria for different data types if possible and legally advisable.]

6. Your Data Protection Rights

Depending on your location and applicable laws (e.g., GDPR, POPIA, NDPR, CCPA), you may have the following rights regarding your personal information:

  • The right to access – You have the right to request copies of your personal data.
  • The right to rectification – You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
  • The right to erasure – You have the right to request that we erase your personal data, under certain conditions.
  • The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
  • The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.
  • The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
  • The right to withdraw consent – If we are processing your data based on your consent, you have the right to withdraw that consent at any time.

To exercise these rights, please contact us using the contact information provided below. We will respond to your request in accordance with applicable law.

[Specify how users can make these requests - e.g., through their account settings, by emailing a DPO].

7. International Data Transfers

Your information, including personal data and health information, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction.

If you are located outside [Specify Primary Country of Operation, e.g., Nigeria] and choose to provide information to us, please note that we transfer the data, including Personal Data, to [Specify Location of Servers, e.g., servers in Ireland or USA] and process it there. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information (e.g., Standard Contractual Clauses, Adequacy Decisions).

8. Policy for Children

We do not knowingly solicit information from or market to children under the age of [Specify Age, e.g., 13 or 16 or 18 depending on local laws and service nature]. If you become aware of any data we have collected from children under age [Specify Age], please contact us using the contact information provided below. If our services are intended for use by minors (e.g., pediatric consultations), parental or legal guardian consent will be required.

[Detail how you handle data for minors if your platform allows it, e.g., through a guardian's account.]

9. Cookies and Tracking Technologies

We may use cookies, web beacons, tracking pixels, and other tracking technologies on the Services to help customize the Services and improve your experience. When you access the Services, your personal information is not collected through the use of tracking technology. Most browsers are set to accept cookies by default. You can remove or reject cookies, but be aware that such action could affect the availability and functionality of the Services.

[Provide more details about the types of cookies used (essential, performance, functional, targeting) and link to a separate Cookie Policy if extensive.]

10. Third-Party Websites

The Services may contain links to third-party websites and applications of interest, including advertisements and external services, that are not affiliated with us. Once you have used these links to leave the Services, any information you provide to these third parties is not covered by this Privacy Policy, and we cannot guarantee the safety and privacy of your information. Before visiting and providing any information to any third-party websites, you should inform yourself of the privacy policies and practices (if any) of the third party responsible for that website, and should take those steps necessary to, in your discretion, protect the privacy of your information. We are not responsible for the content or privacy and security practices and policies of any third parties, including other sites, services or applications that may be linked to or from the Services.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

[Specify how users will be notified of material changes - e.g., email, in-app notification.]

12. Contact Us

If you have questions or comments about this Privacy Policy, please contact us at:

TelehealthAfrica
[Your Company's Physical Address, if applicable]
[City, Country]
Email: [Your Data Protection Officer or Privacy Email Address, e.g., privacy@telehealth.africa]
Phone: [Your Contact Phone Number, optional]

[If you have a designated Data Protection Officer (DPO) as required by GDPR or other laws, list their contact details.]