Privacy Policy
Updated on October 12, 2023
1. Introduction
HeliumDoc and its affiliates ( collectively or individually as applicable, referred to as “HeliumDoc” "We", "Us", or "Our") offer users a platform to quickly access the services of top healthcare providers in Africa (including Nigeria, Kenya, and Uganda) and the respective Gulf Cooperation Council (GCC) member states, namely Bahrain, Oman, Qatar, Saudi Arabia, Kuwait and the United Arab Emirates.
This Privacy Notice (“Notice”) governs your use of Our website https://www.heliumdoc.com/ (‘the Website”), and any other software, online platform, website, mobile or tablet application or domain used to provide Our medical services (referred to as the “Services"). We provide this Notice because you have a right to know what information We collect, why We collect it, how it is protected and used, and the circumstances under which it may be disclosed.
2. Terms of Use
You are required to comply with the provisions of Our Terms of Use in relation to the information provided.
3. Your data that we process
Personal data is any information about an individual that can be used to identify that person directly or indirectly. For example, while using the website, we may request personal information from you in order to contact or identify you, and some information may be collected automatically in order for our website to function properly. We also collect personal data from third-party sources or through your use of our services, such as when you sign-up or register for any of our services. We obtain the following information:
| Health Care Providers/Specialists | Patients | All visitors |
|---|---|---|
| Full name of the person signing up | Full name of the patient | Search queries |
| Name of the health care facility | Email address of the patient | The IP address used to connect your device to the internet for identification purposes |
| Country of Residence | Phone number | Login email address and password |
| Email address | Age | Name of the internet service provider (ISP) |
| Phone number | Medical record/status | Date and time of visit |
| Full names of medical professionals | Home address | Web pages visited, duration, and frequency of visits |
| Medical qualification | Country | Browsing Behaviour |
| Type of facility | Gender | Device ID |
| Location | Language | |
| Financial details | Financial details |
4. Sensitive Personal Data
Sensitive personal data includes data pertaining to religious or other beliefs, sexual orientation, health, race, ethnicity, political views, trade union membership, criminal records, and any other sensitive personal information. We will only process sensitive personal data (health data) of patients on behalf of health care providers with the patients' express consent or in order to fulfil the healthcare facility's and care provider's obligation to provide care services.
6. Lawful Bases for processing data
We are required to process your data under at least one of these lawful bases, as specified under the relevant data protection laws:
- Legitimate interest: Processing your data is necessary for our legitimate interests or the legitimate interests of a third party, provided your rights and interests do not outweigh those interests.
- Consent: You have given explicit consent for us to process your data for a specific purpose.
- Contract: If the data processing is necessary for a contract with us or because we have asked you to take specific steps before entering that contract.
- Legal obligation: If the processing of your data is necessary where there is a statutory obligation on us.
Purpose of Processing Your Data and the Lawful Bases
| Purpose of Processing | Lawful Bases |
|---|---|
| Legitimate interest, contract |
| Consent |
| Legitimate interest |
| Legitimate interest, legal obligation |
| Contract |
| Contract, consent |
| Legal obligation |
7. Your Rights as a Data Subject
Depending on your location and subject to applicable law, you are vested with certain rights as a data subject. They include the right to:
- access personal data we hold about you by requesting a copy of the personal data we hold about you;
- rectify such information where you believe it to be inaccurate;
- restrict the processing of your data in certain circumstances;
- object to the processing of your data where we intend to process such data for marketing purposes;
- where feasible, receive all personal data you have provided to us—in a structured, commonly used, and machine-readable format—and transmit the information to another data controller;
- request the erasure of your data (also known as the right to be forgotten);
- withdraw your consent to the processing of your data;
- not be subjected to a decision based solely on automated processing or profiling; and
- lodge a complaint with a relevant authority where you have reason to believe that we have violated the term(s) of this Privacy Notice. (You may complain or seek redress from us within 30 days from when you first detected the alleged violation.)
You may seek to exercise any of the above rights at any time by sending us an email at heliumdocprivacy@heliumhealth.com.
In the event of a complaint, users may direct such a complaint to us or to the appropriate supervisory authority in their respective country. See section 12 on jurisdiction-specific provisions for more details.
9. Retention of your data
The data and any other information we collect from you will be stored for as long as necessary to fulfil the purposes described in this Notice.
However, we will also retain data subject to relevant provisions of applicable laws, resolve disputes, prevent fraud and abuse, and enforce our legal agreements and policies. In addition, we delete your data for targeted marketing purposes once you unsubscribe from our marketing communications.
Please note that your data may be retained for a longer period, notwithstanding your request to remove it, where there is a legal requirement to do so.
10. How your data is stored and secured
We are very particular about preserving your privacy and protecting your data. We deploy reasonable and appropriate technical and organisational measures to keep your data safe. However, we cannot completely guarantee the security of any information you transmit via our website, as the internet is not an entirely secure place. Nevertheless, we are committed to doing our best to protect you.
We protect your data using physical, technical, and administrative security measures to reduce the risks of loss, misuse, unauthorised access, disclosure, and alteration.
Where there is an actual or suspected data breach capable of causing harm to your rights and freedoms, we will notify you without undue delay and use our best effort to remedy the breach promptly.
11. International transfer of data
As a multinational with a presence in multiple countries, we may transfer your personal data outside our country of operation or where you are resident. We sometimes transfer data internationally using third-party providers when we offer our services. We ensure any cross-border data transfers adhere to all necessary data protection regulations. This means that before transferring personal data, we either confirm that the recipient country has robust data protection laws or, if not, employ specific contractual terms and other appropriate safeguards to protect the data. In cases where the destination country might not meet stringent data protection standards, we will leverage the relevant data transfer mechanism, seek authorisation from the regulator, or obtain your consent before proceeding and inform you of any risks. Wherever your data is processed globally, we ensure the consistent application of the protections outlined in this notice. Should you wish to learn more about how we ensure data protection during these transfers, details will be provided upon request.
12. Jurisdiction-Specific Provisions
Nigeria: The Nigeria Data Protection Act (NDPA) provides for the rights of data subjects, including the right to access, object to processing, restrict processing, data portability, not to be subject to automated processing, erasure, rectification, withdraw consent to processing and the right to lodge a complaint with the supervisory authority. You can contact our DPO atheliumdocprivacy@heliumhealth.com at any time to exercise any of these rights. In the case of a complaint, you can contact the Supervisory Authority at info@ndpc.gov.ng.
Kenya: Data is processed in Kenya according to the Data Protection Act and the Data Protection Regulations. The legal framework provides for the rights of data subjects, which we respect. We also ensure that our processing is in accordance with the relevant law. You can contact our DPO atheliumdocprivacy@heliumhealth.com for any inquiries or to exercise your rights. In case you have a complaint, feel free to contact the Supevisory Authority at policy@odpc.ke.
Uganda: Uganda’s Data Protection and Privacy Act and its Data Protection and Privacy Regulations regulate the processing of personal data in the country and any international transfer of data. It provides for the rights of data subjects, such as the right to erasure, blocking, destruction, access, rectification, prevention of processing, appeal to a decision to continue processing, and automated processing. If you wish to exercise your rights, you can contact our DPO atheliumdocprivacy@heliumhealth.com. Data subjects can lodge any complaint with the Supervisory Authority at info@pdpo.go.ug.
Saudi Arabia: The relevant law is the Saudi Arabia Personal Data Protection Law (PDPL), which provides for your rights as a data subject. Although the law does not provide for the right to object to processing, restrict processing, or demand not to be subject to automated decision making, you have the right to information, access, data portability, rectification, and destruction of your data. You can contact our Data Protection Officer (DPO) at heliumdocprivacy@heliumhealth.com to exercise any of these rights. Alternatively, you can lodge a complaint directly with the Supervisory Authority, the Saudi Data and Artificial Intelligence Authority (SDAIA), at info@sdaia.gov.sa.
Kuwait: The Data Privacy Protection Regulation (DPPR) provides for your rights as a data subject using our services in Kuwait. We process your data only based on your consent and in accordance with the principles of lawful processing as provided under the regulations. We will not transfer your data outside Kuwait unless you have consented to such a transfer. You can contact our DPO atheliumdocprivacy@heliumhealth.com to learn more about how we process your data or lodge a complaint with the Supervisory Authority at info@citra.gov.kw.
The United Arab Emirates: We process data in the UAE according to the Federal Law on the Protection of Personal Data. You can get in touch with us to exercise your rights under the data protection law by contacting our Data Protection Officer (DPO) at heliumdocprivacy@heliumhealth.com.
Qatar: The applicable law is the Qatar Personal Data Privacy Protection Law (PDPPL), which provides for the rights of data subjects and imposes obligations on us to ensure the security of your data. You can contact our Data Protection Officer (DPO) at heliumdocprivacy@heliumhealth.com to exercise your rights and file any complaints. You can also lodge a complaint with the Supervisory Authority atcdp@motc.gov.qa.
Bahrain: Bahrain’s Personal Data Protection Law is the applicable legal framework for data protection for your data if you reside in this country. Where necessary, authorisation is obtained from the Personal Data Protection Authority. It provides for your rights as a data subject and our obligation as a data controller to protect those rights. You can contact our Data Protection Officer (DPO) atheliumdocprivacy@heliumhealth.com to exercise these rights or file a complaint with the Supervisory Authority at dp-team@moj.gov.bh.
Oman: The primary legislation for safeguarding your data in Oman is the Personal Data Protection Law (PDPL). This law requires us to process your data with your consent or in line with other stipulated exceptions within the legislation. When dealing with sensitive data, we ensure we secure approval from the Ministry of Transport, Communications, and Information Technology. The right to object to the processing is not available under the law. Should you have any queries regarding your rights or our data processing methods, please get in touch with our Data Protection Officer (DPO) atheliumdocprivacy@heliumhealth.com If our response does not address your concerns, contact the Supervisory Authority directly at info@mtcit.gov.om.
13. Marketing and communications
We only send marketing communications to you with your consent. You can opt-out of our marketing or object to further processing by clicking on the 'unsubscribe' button at the bottom of the page.
14. Complaints
If you are concerned about an alleged breach of data protection law or any other regulation by us, you can contact the Data Protection Officer (DPO) at heliumdocprivacy@heliumhealth.com The DPO will investigate your complaint and provide information about how it is handled.
Please be informed that you may complain to the relevant data protection authority if your complaints are not satisfactorily addressed.
15. Changes to this Notice
We update our privacy notice from time to time. We will notify our users when we make a change, and visitors will know this by checking the last date of update on this page whenever they visit.
16. Contact Us
If you have any questions relating to this Notice, your rights under this Notice, or are not satisfied with how we manage your personal data, kindly reach out to our Data Protection Officer atheliumdocprivacy@heliumhealth.com or email us at contact@heliumdoc.com
