This page is used to inform website visitors regarding our policies with the collection, storage, processing, use, and disclosure of Personal Information if anyone decided to use our Service.

If you choose to use our Service, then you agree to the collection, storage, processing and use of information in relation to this policy. The Personal Information that we collect is used for providing and improving the Service. We will not use or share your information with anyone except as described in this Privacy Policy.

1. WHAT DATA DO WE COLLECT?

Our Company collects the following data:

1. Personally identifiable information, including but not limited to, name, date of birth, gender, height, weight, phone number, email address, house address, blood type and profile picture.
2. Medical information, including but not limited to, alcohol consumption, diabetes status, blood pressure, blood sugar, cholesterol, smoking status.
3. Information necessary for financial processes such as billing, including but not limited to, credit/debit card information, city, state.
4. Clinician/Practice Accounts – If you are a Clinician or an employee of a Practice, we may collect personal information in connection with the creation or administration of your account, such as your name, email address, phone number, address, professional details, whether you work for or are affiliated with a Practice, and any other information that you provide to us or that we otherwise collect.

2. HOW DO WE COLLECT YOUR DATA?

You directly provide Our Company with most of the data we collect. We collect data and process data when you:

• Register online or place an order for any of our products or
• Voluntarily complete a customer survey or provide feedback on any of our message boards or via
• Correspond with us by phone, chat or
• Join an email mailing
• Request support from our customer support
• Use or view our website via your browser’s
• Apply for a job or secondment with
• Complete a symptom
• Book an appointment or order a repeat
• Fill in your medical history
• Track your vitals (blood pressure, blood sugar,)
• Attend or host conferences, trade shows and other events
• Deal in business development and strategic partnership

Unless otherwise indicated, the legal basis for the handling of your personal data results from the fact that such handling is required to make available the functionalities of the Website and/or Service requested by you.

The app, website, and web applications use third party services that may collect information used to identify you.

3. HOW DO WE USE YOUR INFORMATION?

We use and disclose your health information for the normal business activities that the law sees as falling in the categories of treatment, payment and healthcare operations. Below we provide examples of those activities, although not every use or disclosure falling within each category is listed:

A. Provide Our Services

We use your information to fulfil our contract with you and provide you with our Services, such as:

• Connecting you to patient portals to retrieve and download your health data and health insurance data;
• Assisting with the entry of your health data;
• To maintain the safety, security, and integrity of the
• Accessing patient education materials and preventive information;
• Providing a directory listing of Clinicians;
• Providing price comparison and cost of care estimation tools for services offered by physicians and other licensed professionals, labs, medications, imaging, and other clinical products or services;
• Conducting patient intake assessments through questionnaires to facilitate symptom-based triage, utilising patient-provided responses;
• Facilitating chat-based and video-based communication with Clinicians;
• Providing SMS, in-app, and push notification alerts and other types of messages directly sent to you outside or inside the Services if you opt-in to receive them (our Privacy Policy provides information describing our data processing practices with respect to these alerts and messages);
• Assisting with the generation of diagnostic orders and retrieval of results, e-prescriptions, and referrals to Clinicians; and
• Collection and processing of payments on behalf of Clinicians and other providers registered with DRO Health for clinical products and services rendered to or on behalf of patients.

B. Administrative Purposes

We use your information for various administrative purposes, such as:

• Managing your information and accounts;
• Providing access to certain areas, functionalities, and features of our Services;
• Answering requests for customer or technical support;
• Communicating with you about your account, activities on our Services, and policy changes;
• Processing your financial information and other payment methods for products or Services purchased;
• Processing applications if you apply for a job we post on our Services;
• Allowing you to register for events;
• Pursuing our legitimate interests such as direct marketing, research and development (including marketing research), network and information security, and fraud prevention;
• Detecting security incidents, protecting against malicious, deceptive, fraudulent or illegal activity, and prosecuting those responsible for that activity;
• Measuring interest and engagement in our Services;
• Improving, upgrading, or enhancing our Services;
• Developing new products and services;
• Ensuring internal quality control and safety;
• Authenticating and verifying individual identities, including requests to exercise your rights under this Privacy Policy;
• Debugging to identify and repair errors with our Services;
• Auditing relating to interactions, transactions, and other compliance activities;
• Sharing personal information with third parties as needed to provide the Services;
• Enforcing our agreements and policies; and
• Carrying out activities that are required to comply with our legal

C. Marketing and Advertising our Products and Services

We may use personal information to tailor and provide you with content and advertisements. We may provide you with these materials as permitted by applicable law. Some of the ways we may market to you include email campaigns.

Our use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

If you have any questions about our marketing practices, you may contact us at any time as set forth in “Contact Us” below.

D. Other Purposes

We also use your personal information for other purposes as requested by you or as permitted by applicable law.

• With Your Consent. We may use personal information for other purposes that are clearly disclosed to you at the time you provide personal information or with your consent.
• De-identified and Aggregated Information. We may use personal information to create de- identified and/or aggregated information, such as demographic information, information about the device from which you access our Services, or other analyses we create.

4. HOW DO WE PROTECT YOUR INFORMATION?

Our app is scanned on a regular basis for security holes and known vulnerabilities in order to make your use of our app as safe as possible.

Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.

We implement a variety of security measures when a user places an order enters, submits, or accesses their information to maintain the safety of your personal information.

All cards and transactions are processed through a gateway provider and are not stored or processed on our servers.

5. HOW DO WE STORE YOUR DATA?

We store the personal information we collect as described in this Privacy Policy for as long as you use our Services, or as necessary to fulfil the purpose(s) for which it was collected, provide our Services, resolve disputes, establish legal defences, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.

To determine the appropriate retention period for personal information, we may consider applicable legal requirements, the amount, nature, and sensitivity of the personal information, certain risk factors, the purposes for which we process your personal information, and whether we can achieve those purposes through other means.

6. DISCLOSURE OF YOUR INFORMATION

We disclose your personal information to third parties for a variety of business purposes, including to provide our Services, to protect us or others, or in the event of a major business transaction such as a merger, sale, or asset transfer, as described below.

A. Disclosures to Provide our Services

The categories of third parties with whom we may share your personal information are described below.

• Others You Share or Interact With – The Services may allow you to share personal information or interact with other individuals or Clinicians/Practices. For example, Patients may share personal information with Clinicians/Practices and Clinicians/Practices may interact with

Any personal information provided to Practices and/or Clinicians will also be subject to their terms, conditions, and policies.

We are not responsible for the processing of your personal information by other individuals or Clinicians/Practices that you share or interact with.

• Third-Party Services You Share or Interact With – Certain features and functionalities of the Services may link to or allow you to interface, interact, share information with, direct us to share information with, access and/or use third-party websites, services, products, and technology (collectively, “Third Party Services”). Third-Party Services may include, but are not limited to, diagnostic laboratories, diagnostic imaging centers, home phlebotomy providers, and pharmacies. Any information shared with or otherwise collected by a Third-Party Service may be subject to the Third-Party Service’s privacy policy. We are not responsible for the processing of personal information by Third-Party Services.

• Service Providers – We may share your personal information with our third-party service providers and vendors that assist us with the provision of our Services. This includes service providers and vendors that provide us with IT support, hosting, payment processing, customer service, and related services.
• Authorised Users of Clinicians and/or Practices – If you access our Services as an authorised user of one of our Clinician or Practice customers, that customer may access information associated with your use of the Services including personal information, usage data, the contents of communications, files associated with your account, and testing results. Your personal information may also be subject to the Clinician’s and/or the Practice’s privacy policy. We are not responsible for the processing of your personal information by these parties.
• Business Partners – We may share your personal information with business partners to provide you with a product or service you have requested. We may also share your personal information with business partners with whom we jointly offer products or services.
• Affiliates- We may share your personal information with our company

B. Disclosures to Protect Us or Others

We may access, preserve, and disclose any information we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate to: comply with law enforcement or national security requests and legal process, such as a court order or subpoena; protect your, our, or others’ rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity.

C. Disclosure in the Event of Merger, Sale, or Other Asset Transfers

If we are involved in a merger, acquisition, financing due diligence, reorganisation, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider, your information may be sold or transferred as part of such a transaction, as permitted by law and/or contract.

7. YOUR PRIVACY CHOICES

The privacy choices you may have about your personal information are determined by applicable law and are described below.

• Email Communications: If you receive an unwanted email from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future emails. Note that you will continue to receive transaction-related emails regarding products or Services you have requested. We may also send you certain non-promotional communications regarding us and our Services, and you will not be able to opt out of those communications (for example, communications regarding our Services or updates to our Terms or this Privacy Policy).
• Text Messages: We may use SMS or MMS Text Messages for Multi-factor authentication, for transactional purposes, and for delivery of our Services.
• Mobile Devices: We may send you push notifications through our mobile application. You may opt out from receiving these push notifications by changing the settings on your mobile device. With your consent, we may also collect precise location-based information via our mobile application. You may opt out of this collection by changing the settings on your mobile device. However, we strongly recommend you do not opt out of push notifications, as notifications are used for the delivery of our Services.
• “DoNot Track”: Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honour DNT signals or similar mechanisms transmitted by web browsers.
• Cookies and Personalised Advertising. You may stop or restrict the placement of Technologies on your device or remove them by adjusting your preferences as your browser or device However, if you adjust your preferences, our Services may not work properly. Please note that cookie-based opt-outs are not effective on mobile applications. However, you may opt- out of personalised advertisements on some mobile applications by following the instructions for Android, iOS, and others.

The online advertising industry also provides websites from which you may opt out of receiving targeted ads from data partners and other advertising partners that participate in self-regulatory programs.

Please note you must separately opt out in each browser and on each device.

8. WHAT ARE YOUR DATA PROTECTION RIGHTS?

Our Company would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

• The right to access– You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process. We may charge you a small fee for this service.
• The right to rectification– You have the right to request that Our Company correct any information you believe is inaccurate. You also have the right to request Our Company to complete the information you believe is incomplete.
• The right to erasure–You have the right to request that Our Company erase your personal data, under certain conditions.
• The right to restrict processing– You have the right to request that Our Company restrict the processing of your personal data, under certain conditions.
• The right to object to processing–You have the right to object to Our Company’s processing of your personal data, under certain conditions.
• The right to data portability– This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.
• The right to withdraw consent –Where we have obtained your consent to process your personal data, or consent to send you information, you may withdraw your consent at any time and we will cease to carry out the particular activity that you previously consented to, unless we consider that there is an alternative reason to justify our continued processing of your data for this purpose, in which case we will inform you of this condition.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email – contact@drohealth.com

9. CHILDREN’S PRIVACY

The Services are not directed to children under 16, and we do not knowingly collect personal information from children. Children under the age of 18 require consent from their parents or guardians.

If you are a parent or guardian and believe your child has uploaded personal information to our site without your consent and wish to review information collected from your child, or have that information modified or deleted, you may contact us as described in “Contact Us” below. If we become aware that a child has provided us with personal information in violation of applicable law, we will delete any personal information we have collected, unless we have a legal obligation to keep it, and terminate the child’s account, if applicable.

10. PATIENT-DOCTOR CONFIDENTIALITY

We may share medical information about you, including your medical history, illnesses and prescriptions, with our doctors; all of whom are registered with the Medical and Dental Council of Nigeria. We share your medical information and consultation history with every doctor you book a consultation with in order to enable them to better assess health conditions, advise you, and deliver the services that you request in accordance with our terms and conditions.

We ensure that all data transferred to doctors is protected by proper and appropriate safeguards, in addition to all our doctors being bound by the oath administered by the Medical and Dental Council of Nigeria. This is to ensure all doctors keep the personal information they receive safe, confidential and only use it for the purposes for which it is provided to them.

We disclose every doctor’s professional information on the mobile apps so all patients are given the tools to assess their options properly.

11. CHANGES TO THIS PRIVACY POLICY

We may update our Privacy Policy from time to time. Thus, you are advised to review this page periodically for any changes. We will notify you of any changes by posting the new Privacy Policy on this page. These changes are effective immediately after they are posted on this page.

This Privacy Policy was last updated on the date above and replaces any other Privacy Policy previously applicable from this date.

12. HOW TO CONTACT US

If you have any questions about Our Company’s privacy policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us.

Email us at: contact@drohealth.com

Or contact our data protection officer at: dataprotection@drohealth.com

13. HOW TO CONTACT THE APPROPRIATE AUTHORITIES

You also have the right to raise any concerns about how your personal data is being processed by us with the National Information Technology Development Agency (NITDA):

Email: info@nitda.gov.ng Phone: +234 (0) 8168401851

Address: No 28 Port Harcourt Crescent, off Gimbiya Street, P.M.B 564, Area 11, Garki, Abuja