
DATA PROTECTION AND COOKIE POLICY


ZANKLI MEDICAL CENTRE

 

PRIVACY POLICY

 

EFFECTIVE DATE: APRIL 20, 2025

 

INTRODUCTION

 

At Zankli Medical Centre ("Zankli," "we," "us," or "our"), we are dedicated to safeguarding the privacy, confidentiality, and security of our patients' personal and health-related information. Protecting your data is fundamental to the trust you place in us, and we take this responsibility seriously. This Privacy Policy explains in detail how we collect, use, disclose, retain, and protect your Personal Information and Sensitive Personal Data (SPD) whenever you interact with us, receive medical services, or use our digital platforms.

 

This Privacy Policy is crafted in compliance with Nigerian data protection laws, specifically the Nigeria Data Protection Act, 2023 (NDPA) and the Nigeria Data Protection Regulation, 2019 (NDPR), and aligns with international best practices in healthcare data protection.

 

SCOPE OF THIS PRIVACY POLICY

 

This Policy applies to all Personal Information and Sensitive Personal Data (SPD) that Zankli Medical Centre collects, processes, maintains, or transmits. This includes information collected through:

 

Direct services provided at our hospital.

 

Our electronic medical record (EMR) systems that store medical histories, diagnostics, and treatment plans.

 

Our official website, online booking forms, and other web-based services.

 

Billing systems, insurance claims processing, and administrative functions.

 

Third-party service providers and business associates working on our behalf.

 

By interacting with Zankli Medical Centre, you consent to the practices described in this Privacy Policy.
 

INFORMATION WE COLLECT

 

We collect various types of information necessary to deliver healthcare services, manage operations, fulfill legal obligations, and improve patient experience.

 

Personal Information

 

Personal Information refers to data that identifies you directly or indirectly. This includes, but is not limited to:

 

Contact Information: Your full name, postal address, phone numbers, email address, and other similar details.

 

Demographic Data: Date of birth, gender, and nationality.

 

Government-issued Identifiers: Such as your National Identity Number (NIN), driver's license number, or international passport number.

 

Emergency Contact Details: Information about whom to contact in urgent situations.

 

Employment Information: Employer details, job title, and work address, where relevant to occupational health services.

 

Insurance Information: Insurance provider, policy numbers, and coverage details.

 

Biometric Information: Photographs used for identification and possibly e-signatures for authentication and confirmation of services received.

 

Security Footage: Video recordings captured through CCTV cameras installed in our facilities.

 

Communication Preferences: Your choices regarding how you prefer us to contact you (e.g., SMS, email).

 

Sensitive Personal Data

 

Sensitive Personal Data includes all data related to your physical or mental health and the healthcare services you receive. Examples include:

 

Medical Records: History of illnesses, diagnoses, treatment plans, clinical notes, and progress reports.

 

Diagnostic Data: Laboratory test results, imaging results (X-rays, MRIs, CT scans), and pathology reports.

 

Medication and Pharmacy Records: Prescriptions, dosages, and medication administration history.

 

Allergy Information: Details about known allergies or adverse drug reactions.

 

Genetic and Family Medical History: Information that can influence your health risks and treatment options.

 

Behavioral and Mental Health Records: Including psychological assessments and treatment notes.

 

Substance Abuse Treatment Information: Confidential details about drug or alcohol dependency treatments.

 

Immunization Records: Vaccination history, including for travel or employment.

 

Consultation Records: Documentation from in-person and telemedicine consultations.

 

Information Collected Automatically

 

When you interact with our website or online platforms, we may automatically collect:

 

IP Address and Device Information: To maintain the security and functionality of our services.

 

Browser Type and Settings: For optimizing website compatibility.

 

Website Usage Data: Pages visited, duration of stay, links clicked, and referring websites.

 

Geolocation Data: When permitted by your device settings.

 

Cookies and Tracking Technologies: To enhance your user experience and analyze website traffic. (See Cookies section below.)

 

HOW WE COLLECT YOUR INFORMATION

 

Your Personal Information and SPD are collected through various channels, including:

 

Direct Interactions: When you complete registration forms, attend medical appointments, participate in surveys, or communicate with our staff.

 

Electronic Health Systems: Data inputted during clinical consultations, laboratory tests, imaging sessions, or prescription issuance.

 

Website and Mobile Application Use: When you use our online services, patient portal, or telemedicine platform.

 

Insurance and Billing Processes: During insurance claims processing, premium payments, or financial aid applications.

 

Third-party Sources: Referrals from other healthcare providers, health information exchanges (with your consent), or authorized family members.

 

CCTV Surveillance Systems: Installed within our premises for security, safety, and fraud prevention.

 

We ensure that all collection methods comply with Nigerian legal standards for transparency and data minimization.

 

HOW WE USE YOUR INFORMATION

 

We process your information for purposes consistent with the law, your consent, and our legitimate interests.

 

Healthcare Delivery

 

We use your information to:

 

Provide diagnosis, treatment, and ongoing medical care.

 

Coordinate care among physicians, nurses, and specialists.

 

Develop and implement treatment plans.

 

Refer you to external healthcare providers where necessary.

 

Administrative and Billing Functions

 

We need your information to:

 

Process insurance claims and manage billing operations.

 

Verify your eligibility for benefits or entitlements.

 

Carry out internal financial audits and comply with accounting standards.

 

Manage your account balances, issue invoices, and collect payments.

 

Communication with Patients

 

We use your information to:

 

Remind you of appointments, procedures, or required follow-ups.

 

Send health tips, preventive healthcare notices, and newsletters (subject to your consent).

 

Notify you about service disruptions, policy changes, or urgent health advisories.

 

Research, Quality Assurance, and Education

 

Where appropriate and in accordance with applicable consent requirements, we may:

 

Use de-identified or aggregated information for clinical research studies.

 

Conduct internal reviews for quality improvement purposes.

 

Train healthcare workers and students using anonymized case studies.

 

Legal and Regulatory Compliance

 

We process your data as required to:

 

Report infectious diseases or injuries to public health authorities.

 

Comply with lawful demands like court orders, subpoenas, and investigations.

 

Meet regulatory requirements for licensing, inspections, and audits.

 

LEGAL BASIS FOR PROCESSING YOUR INFORMATION

 

Under the Nigeria Data Protection Act, 2023 (NDPA), Zankli Medical Centre must establish a valid legal basis for processing your data. These include:

 

Consent: Where we rely on your explicit permission for certain types of processing, such as participation in research or marketing communications.

 

Contractual Necessity: When processing is necessary to fulfill a healthcare services agreement with you.

 

Legal Obligation: To comply with mandatory reporting, tax, accounting, and other statutory obligations.

 

Vital Interests: To protect your life or that of another person, especially during emergencies.

 

Public Interest: Processing required for public health initiatives, outbreak investigations, or disease surveillance.

 

Legitimate Interests: When processing supports the efficient management of our healthcare operations without unduly infringing on your rights and freedoms.

 

You may withdraw your consent at any time, but this will not affect processing that occurred prior to your withdrawal.

 

INFORMATION SHARING AND DISCLOSURE

 

We share information only as necessary and in accordance with the law:

 

Healthcare Providers: With other doctors, specialists, labs, or pharmacies directly involved in your care.

 

Insurance Companies: To process claims, confirm coverage, and obtain authorizations for treatment.

 

Business Associates: Vendors providing support services (e.g., IT providers, billing agencies) are contractually obligated to protect your information.

 

Regulatory Authorities: Public health bodies, licensing authorities, and law enforcement agencies, but only where legally mandated.

 

Research Institutions: When approved by ethical review boards and subject to your explicit consent.

 

Security Operations: CCTV footage may be reviewed or shared internally to investigate incidents, prevent fraud, or enforce facility security.

 

In all cases, we ensure appropriate data sharing agreements are in place.

 

YOUR RIGHTS REGARDING YOUR INFORMATION

 

You have several important rights under Nigerian law:

 

Access: You can request a copy of the information we hold about you.

 

Correction: You may ask for corrections to inaccurate or incomplete data.

 

Erasure: In specific circumstances, you may request the deletion of your information.

 

Restriction: You can request limits on how we use your information.

 

Objection: You may object to certain types of processing, such as direct marketing.

 

Data Portability: You may request to receive your data in a structured, commonly used format.

 

Withdrawal of Consent: You can withdraw consent at any time without affecting previous processing.

 

Complaint: You have the right to file complaints with the Nigeria Data Protection Bureau (NDPB).

 

To exercise any of these rights, contact our Data Protection Officer.

 

INFORMATION SECURITY

 

At Zankli Medical Centre, we recognize that the protection of Personal Information and Sensitive Personal Data (SPD) is of utmost importance. We implement a multi-layered security framework combining technical, administrative, and physical safeguards designed to prevent unauthorized access, loss, misuse, or alteration of your data.

 

Technical Safeguards

 

Encryption: We encrypt electronic health information both at rest and in transit using industry-standard protocols.

 

Access Controls: We enforce strict authentication processes, ensuring that only authorized personnel can access specific types of information.

 

Audit Trails: All accesses to health records are logged and reviewed regularly to detect and deter improper use.

 

Transmission Security: All electronic communications between systems are encrypted to protect data integrity and confidentiality.

 

Malware Protection: Our systems are equipped with up-to-date antivirus software, intrusion detection systems, and firewalls.

 

Data Backup and Disaster Recovery: Regular backups are performed to ensure data resilience against accidental loss or natural disasters.
 

Administrative Safeguards

 

Risk Assessments: Periodic assessments are conducted to identify potential security risks and vulnerabilities.

 

Staff Training: All staff members undergo regular training on privacy, data protection, and information security best practices.

 

Incident Response Plan: We maintain a documented procedure for responding to security breaches, including notification of affected individuals and regulatory bodies.

 

Policies and Procedures: Written policies govern the handling of Personal Information and Sensitive Personal Data, including clear consequences for violations.

 

Business Associate Agreements: Third-party vendors must adhere to our security standards via enforceable agreements.


 

Physical Safeguards

 

Access Controls: Our facilities have controlled entry points, visitor sign-in protocols, and security personnel.

 

Secure Workstations: Computers are configured to automatically log off after a period of inactivity.

 

Device and Media Controls: Protocols are in place for the safe disposal or reuse of devices and media containing sensitive data.

 

Environmental Security: We maintain physical protections against fire, flooding, and other hazards.
 

---

 

DATA RETENTION

 

We retain your Personal Information and SPD for as long as necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.


 

General Retention Standards

 

Medical Records: Generally retained for a minimum of 7 to 10 years from the date of the last service provided.

 

Minor Patients: For individuals under 18 years old, records are typically kept until the patient reaches the age of majority (18 years) plus an additional 7 years.

 

Legal Requirements: Certain information may be retained longer if mandated by Nigerian laws, regulations, or court orders.


 

When records are no longer needed, they are securely destroyed through methods such as shredding paper documents and wiping electronic storage devices.

---

 

CHILDREN'S PRIVACY

 

Zankli Medical Centre is committed to protecting the privacy of children. We only collect, use, or disclose Personal Information of minors under the age of 18 with the explicit, verifiable consent of a parent or legal guardian, except where emergency healthcare services are required or where otherwise permitted by Nigerian law.

 

Parents or guardians have the right to:

 

Access their child's health records.

 

Request corrections or amendments.

 

Request deletion of records (subject to legal obligations).


 

We do not knowingly solicit or market services directly to children without parental involvement.

---

 

CHANGES TO THIS PRIVACY POLICY

 

This Privacy Policy may be updated periodically to reflect changes in regulatory requirements, technological advancements, or organizational practices. Whenever we make significant changes, we will notify you through multiple communication channels such as email, website notices, or in-facility announcements.

 

We encourage you to review this Privacy Policy regularly to stay informed about how we protect your information.

 

The "Effective Date" at the top of this page indicates when this Policy was last revised.

---

 

INTERNATIONAL DATA TRANSFERS

 

There may be circumstances where your Personal Information needs to be transferred outside Nigeria. Such transfers will occur only when:

 

The recipient country ensures an adequate level of data protection, as determined by the Nigeria Data Protection Agency (NDPA).

 

You have provided explicit consent for the transfer.

 

The transfer is necessary for the performance of a contract between you and Zankli Medical Centre.

 

Other specific legal grounds under the NDPA apply.


 

Where data transfers occur, we put in place additional contractual agreements and security measures to ensure your information remains protected and handled in accordance with applicable data protection laws.

---

 

THIRD-PARTY WEBSITES AND SERVICES

 

Our website and digital platforms may contain links to third-party websites, plugins, or applications. These third-party websites operate independently of Zankli Medical Centre and have their own privacy policies and practices.

 

We are not responsible for the privacy practices or content of third parties. We strongly encourage you to review the privacy statements of any third-party websites or services before providing any information to them.


 

---

 

COOKIES AND TRACKING TECHNOLOGIES

 

What Are Cookies?

 

Cookies are small text files stored on your device by websites you visit. They serve a variety of functions such as enabling website functionality, enhancing user experience, and collecting analytical data.

 

How We Use Cookies

 

We use cookies to:

 

Remember Your Preferences: Such as login details and display settings.

 

Enhance Security: Authentication cookies help protect access to secure areas.

 

Analyze Usage Patterns: We collect statistical information about how users navigate our website to improve its structure and content.

 

Personalize Content: Tailoring information based on your previous interactions.

Managing Cookies

 

You have the right to control the use of cookies. Our website provides a cookie consent banner allowing you to:

 

Accept all cookies.

 

Reject non-essential cookies.

 

Customize your cookie preferences.


 

You can also manage cookies through your browser settings; however, disabling essential cookies may affect website functionality.

 

For more details, please visit our extended Cookies Policy available at: https://www.zanklimedical.com/cookie-policy


---

 

NON-DISCRIMINATION POLICY

 

We affirm that exercising your privacy rights under this Policy or Nigerian law will not result in:

 

Denial of healthcare services.

 

Different pricing or quality of service.

 

Imposition of penalties or retaliation.


 

Your rights to data protection are fundamental and will always be respected.


 

---

 

SPECIAL PROTECTIONS FOR SENSITIVE INFORMATION

 

Certain categories of sensitive information enjoy additional legal protections under Nigerian law and international standards. These include:

 

Psychotherapy Notes: Subject to enhanced confidentiality protections.

 

Mental and Behavioral Health Records: Disclosures require specific consent.

 

Substance Abuse Treatment Records: Special confidentiality rules apply.

 

HIV/AIDS Information: Requires explicit, informed consent for disclosure.

 

Genetic Information: Protected to prevent discrimination.

 

Sexual and Reproductive Health Information: Handled with heightened sensitivity and privacy.


 

We strictly comply with all applicable laws providing enhanced safeguards for these categories.


 

---

 

CONTACT INFORMATION

 

If you have any questions, concerns, or complaints about this Privacy Policy or our privacy practices, you may contact:

 

Data Protection Officer

Zankli Medical Centre

No 1, Ibrahim Tahir Lane, Utako

Abuja, Nigeria

Phone: +2348146666829

Email: dpo@zanklimedical.com.ng

 

You also have the right to lodge a complaint directly with the:

 

Nigeria Data Protection Agency (NDPA)

Website: https://ndpb.gov.ng


 

---

 

ACKNOWLEDGMENT

 

By receiving services from Zankli Medical Centre, using our website, or otherwise providing us with your information, you acknowledge that you have read, understood, and agreed to the practices described in this Privacy Policy.

---

Last Updated: April 20, 2025
