1. Introduction

MediQ-i is a telehealth company committed to protecting the personal data of its users in line with the Nigeria Data Protection Regulation (NDPR 2019) issued by the National Information Technology Development Agency (NITDA). This policy outlines how we collect, process, store, retain, secure, and share your data.

2. Scope

This policy applies to all users of MediQ-i services, including patients, healthcare providers, employees and partners. It governs all platforms including mobile apps, web portals, and any other digital service channels.

3. Categories of Personal Data Collected

We may collect and process the following:

• Personal Information: Full name, gender, date of birth, address, email, phone number
• Health Information: Medical history, current symptoms, test results, prescriptions
• Usage Data: Logs, device type, IP address, session activity
• Payment Data: Billing information and transaction history (where applicable)

4. Purpose of Data Collection

We use your personal data to:

• Deliver healthcare consultations and manage medical records
• Prescribe and monitor treatments
• Conduct diagnostic testing through partner laboratories
• Schedule appointments and follow-ups
• Ensure compliance with regulatory and professional standards
• Improve our services through analytics and feedback

5. Lawful Basis for Processing

We process data based on:

• Explicit user consent
• Contractual necessity (e.g., for healthcare delivery)
• Legal obligations (e.g., NDPR compliance, clinical documentation)
• Legitimate interest (e.g., service improvement, fraud prevention)

6. Data Sharing with Third Parties

MediQ-i may share personal data with the following, under strict confidentiality agreements:

• Accredited laboratories for diagnostic test processing
• Licensed healthcare professionals for consultations and care coordination
• Third-party service providers for cloud hosting, IT support, analytics
• Regulatory bodies or law enforcement where legally required

We ensure that all third parties comply with applicable data protection standards.

7. Data Security

We implement strong security practices to protect your data, including:

• End-to-end encryption of all communications and health records
• Secure servers and firewalls
• Multi-factor authentication for platform access
• Access control by role and responsibility
• Regular vulnerability assessments and security audits
• Staff training on confidentiality and data protection

8. Data Retention

MediQ-i retains personal data for a period of up to three (3) years from the date of last activity or as otherwise required by medical or legal obligations. After this period, data will be:

• Securely deleted, or
• Anonymized for research and statistical purposes

Users may request earlier deletion, provided it does not conflict with legal or medical obligations.

9. Consent and Agreement to Use of Data

By using MediQ-i's services, you:

• Agree to the collection, processing, storage, and sharing of your data as outlined in this policy
• Consent to data being shared with third parties (such as laboratories) for the sole purpose of providing healthcare services
• Acknowledge that you may withdraw consent at any time, subject to legal and medical exceptions

10. Your Rights Under NDPR

You have the right to:

• Access your personal data
• Correct or update inaccurate data
• Withdraw consent for processing
• Request deletion of your data
• File a complaint with NITDA

All requests will be handled within 30 working days in line with NDPR guidelines.

11. Data Protection Officer

MediQ-i has appointed a DPO to oversee data governance.

12. Review and Amendments

This policy is subject to annual review or sooner if regulations change. We will notify users of any significant updates via email and platform notifications.