Updated on October 12, 2023
HeliumDoc and its affiliates ( collectively or individually as applicable, referred to as “HeliumDoc” "We", "Us", or "Our") offer users a platform to quickly access the services of top healthcare providers in Africa (including Nigeria, Kenya, and Uganda) and the respective Gulf Cooperation Council (GCC) member states, namely Bahrain, Oman, Qatar, Saudi Arabia, Kuwait and the United Arab Emirates.
This Privacy Notice (“Notice”) governs your use of Our website https://www.heliumdoc.com/ (‘the Website”), and any other software, online platform, website, mobile or tablet application or domain used to provide Our medical services (referred to as the “Services"). We provide this Notice because you have a right to know what information We collect, why We collect it, how it is protected and used, and the circumstances under which it may be disclosed.
Personal data is any information about an individual that can be used to identify that person directly or indirectly. For example, while using the website, we may request personal information from you in order to contact or identify you, and some information may be collected automatically in order for our website to function properly. We also collect personal data from third-party sources or through your use of our services, such as when you sign-up or register for any of our services. We obtain the following information:
|Health Care Providers/Specialists
|Full name of the person signing up
|Full name of the patient
|Name of the health care facility
|Email address of the patient
|The IP address used to connect your device to the internet for identification purposes
|Country of Residence
|Login email address and password
|Name of the internet service provider (ISP)
|Date and time of visit
|Full names of medical professionals
|Web pages visited, duration, and frequency of visits
|Type of facility
Sensitive personal data includes data pertaining to religious or other beliefs, sexual orientation, health, race, ethnicity, political views, trade union membership, criminal records, and any other sensitive personal information. We will only process sensitive personal data (health data) of patients on behalf of health care providers with the patients' express consent or in order to fulfil the healthcare facility's and care provider's obligation to provide care services.
We are required to process your data under at least one of these lawful bases, as specified under the relevant data protection laws:
Purpose of Processing Your Data and the Lawful Bases
|Purpose of Processing
|Legitimate interest, contract
|Legitimate interest, legal obligation
Depending on your location and subject to applicable law, you are vested with certain rights as a data subject. They include the right to:
You may seek to exercise any of the above rights at any time by sending us an email at firstname.lastname@example.org.
In the event of a complaint, users may direct such a complaint to us or to the appropriate supervisory authority in their respective country. See section 12 on jurisdiction-specific provisions for more details.
The data and any other information we collect from you will be stored for as long as necessary to fulfil the purposes described in this Notice.
However, we will also retain data subject to relevant provisions of applicable laws, resolve disputes, prevent fraud and abuse, and enforce our legal agreements and policies. In addition, we delete your data for targeted marketing purposes once you unsubscribe from our marketing communications.
Please note that your data may be retained for a longer period, notwithstanding your request to remove it, where there is a legal requirement to do so.
We are very particular about preserving your privacy and protecting your data. We deploy reasonable and appropriate technical and organisational measures to keep your data safe. However, we cannot completely guarantee the security of any information you transmit via our website, as the internet is not an entirely secure place. Nevertheless, we are committed to doing our best to protect you.
We protect your data using physical, technical, and administrative security measures to reduce the risks of loss, misuse, unauthorised access, disclosure, and alteration.
Where there is an actual or suspected data breach capable of causing harm to your rights and freedoms, we will notify you without undue delay and use our best effort to remedy the breach promptly.
As a multinational with a presence in multiple countries, we may transfer your personal data outside our country of operation or where you are resident. We sometimes transfer data internationally using third-party providers when we offer our services. We ensure any cross-border data transfers adhere to all necessary data protection regulations. This means that before transferring personal data, we either confirm that the recipient country has robust data protection laws or, if not, employ specific contractual terms and other appropriate safeguards to protect the data. In cases where the destination country might not meet stringent data protection standards, we will leverage the relevant data transfer mechanism, seek authorisation from the regulator, or obtain your consent before proceeding and inform you of any risks. Wherever your data is processed globally, we ensure the consistent application of the protections outlined in this notice. Should you wish to learn more about how we ensure data protection during these transfers, details will be provided upon request.
Nigeria: The Nigeria Data Protection Act (NDPA) provides for the rights of data subjects, including the right to access, object to processing, restrict processing, data portability, not to be subject to automated processing, erasure, rectification, withdraw consent to processing and the right to lodge a complaint with the supervisory authority. You can contact our DPO email@example.com at any time to exercise any of these rights. In the case of a complaint, you can contact the Supervisory Authority at firstname.lastname@example.org.
Kenya: Data is processed in Kenya according to the Data Protection Act and the Data Protection Regulations. The legal framework provides for the rights of data subjects, which we respect. We also ensure that our processing is in accordance with the relevant law. You can contact our DPO email@example.com for any inquiries or to exercise your rights. In case you have a complaint, feel free to contact the Supevisory Authority at firstname.lastname@example.org.
Uganda: Uganda’s Data Protection and Privacy Act and its Data Protection and Privacy Regulations regulate the processing of personal data in the country and any international transfer of data. It provides for the rights of data subjects, such as the right to erasure, blocking, destruction, access, rectification, prevention of processing, appeal to a decision to continue processing, and automated processing. If you wish to exercise your rights, you can contact our DPO email@example.com. Data subjects can lodge any complaint with the Supervisory Authority at firstname.lastname@example.org.
Saudi Arabia: The relevant law is the Saudi Arabia Personal Data Protection Law (PDPL), which provides for your rights as a data subject. Although the law does not provide for the right to object to processing, restrict processing, or demand not to be subject to automated decision making, you have the right to information, access, data portability, rectification, and destruction of your data. You can contact our Data Protection Officer (DPO) at email@example.com to exercise any of these rights. Alternatively, you can lodge a complaint directly with the Supervisory Authority, the Saudi Data and Artificial Intelligence Authority (SDAIA), at firstname.lastname@example.org.
Kuwait: The Data Privacy Protection Regulation (DPPR) provides for your rights as a data subject using our services in Kuwait. We process your data only based on your consent and in accordance with the principles of lawful processing as provided under the regulations. We will not transfer your data outside Kuwait unless you have consented to such a transfer. You can contact our DPO email@example.com to learn more about how we process your data or lodge a complaint with the Supervisory Authority at firstname.lastname@example.org.
The United Arab Emirates: We process data in the UAE according to the Federal Law on the Protection of Personal Data. You can get in touch with us to exercise your rights under the data protection law by contacting our Data Protection Officer (DPO) at email@example.com.
Qatar: The applicable law is the Qatar Personal Data Privacy Protection Law (PDPPL), which provides for the rights of data subjects and imposes obligations on us to ensure the security of your data. You can contact our Data Protection Officer (DPO) at firstname.lastname@example.org to exercise your rights and file any complaints. You can also lodge a complaint with the Supervisory Authority email@example.com.
Bahrain: Bahrain’s Personal Data Protection Law is the applicable legal framework for data protection for your data if you reside in this country. Where necessary, authorisation is obtained from the Personal Data Protection Authority. It provides for your rights as a data subject and our obligation as a data controller to protect those rights. You can contact our Data Protection Officer (DPO) firstname.lastname@example.org to exercise these rights or file a complaint with the Supervisory Authority at email@example.com.
Oman: The primary legislation for safeguarding your data in Oman is the Personal Data Protection Law (PDPL). This law requires us to process your data with your consent or in line with other stipulated exceptions within the legislation. When dealing with sensitive data, we ensure we secure approval from the Ministry of Transport, Communications, and Information Technology. The right to object to the processing is not available under the law. Should you have any queries regarding your rights or our data processing methods, please get in touch with our Data Protection Officer (DPO) firstname.lastname@example.org If our response does not address your concerns, contact the Supervisory Authority directly at email@example.com.
We only send marketing communications to you with your consent. You can opt-out of our marketing or object to further processing by clicking on the 'unsubscribe' button at the bottom of the page.
If you are concerned about an alleged breach of data protection law or any other regulation by us, you can contact the Data Protection Officer (DPO) at firstname.lastname@example.org The DPO will investigate your complaint and provide information about how it is handled.
Please be informed that you may complain to the relevant data protection authority if your complaints are not satisfactorily addressed.
We update our privacy notice from time to time. We will notify our users when we make a change, and visitors will know this by checking the last date of update on this page whenever they visit.
If you have any questions relating to this Notice, your rights under this Notice, or are not satisfied with how we manage your personal data, kindly reach out to our Data Protection Officer email@example.com or email us at firstname.lastname@example.org