Legal

Privacy Policy

Last updated: February 21, 2025

Your data protection is our priority

MedikalHMS respects the privacy of our clients, their staff, and the patients whose data is managed through our platform. This policy explains how we collect, use, protect, and manage information when you use our services. By using MedikalHMS, you agree to the practices described in this policy.

1. Information We Collect

We collect information you provide directly, including:
• Personal identification details (name, email address, phone number, role)
• Hospital and facility information provided during onboarding
• Technical data such as IP addresses, browser types, device identifiers, and usage logs
• Patient data entered into MedikalHMS by authorized healthcare personnel (processed as a data processor on behalf of the hospital)

2. How We Use Your Information

We use collected information to:
• Deliver, maintain, and improve our healthcare management platform
• Process transactions and send related information, including purchase confirmations
• Send administrative messages, updates, and security alerts
• Respond to comments, questions, and requests for support
• Comply with legal obligations and enforce our terms of service
• Conduct analytics to understand usage patterns and improve user experience

3. Patient Data and Healthcare Privacy

MedikalHMS acts as a data processor for patient health information entered by hospitals (data controllers). We:
• Process patient data solely according to instructions from the healthcare facility
• Do not sell, rent, or disclose patient health information to third parties without authorization
• Implement appropriate technical and organizational measures to protect health data
• Sign data processing agreements (DPAs) with all healthcare clients
• Comply with applicable healthcare data privacy regulations

4. Data Security

We take security seriously and implement multiple layers of protection:
• AES-256 encryption for data at rest and TLS 1.3 for data in transit
• Role-based access controls limiting data access to authorized personnel only
• Regular third-party security audits and penetration testing
• Automated backups with geographically distributed redundancy
• Complete audit trails for all data access and modifications
• Immediate breach notification procedures in compliance with applicable law

5. Data Sharing and Third Parties

We do not sell your personal data. We may share information with:
• Service providers who perform services on our behalf (cloud hosting, analytics, payment processing), bound by confidentiality obligations
• Legal and regulatory authorities where required by law
• Business partners with your explicit consent

All third-party processors are carefully vetted and bound by data processing agreements.

6. Data Retention

We retain personal data for as long as necessary to provide our services and comply with legal obligations. When you terminate your account, we delete or anonymize your data within 90 days, unless required by law to retain it longer. Patient data retention schedules are agreed upon with each healthcare facility client.

7. Your Rights

Depending on your location, you may have the right to:
• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data (right to be forgotten)
• Object to or restrict processing of your data
• Request data portability
• Withdraw consent at any time

To exercise these rights, contact us at [email protected].

8. Cookies and Tracking

We use essential cookies required for the platform to function, as well as optional analytics cookies to understand how users interact with our services. You can manage your cookie preferences in your browser settings. We do not use tracking cookies for advertising purposes.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a prominent notice on our platform at least 30 days before the change takes effect. Continued use of MedikalHMS after changes constitutes acceptance of the updated policy.

10. Contact Us

For questions, concerns, or to exercise your privacy rights, please contact our Data Protection Officer:
Email: [email protected]
Phone: +234 (0) 800 000 0000
Address: 14 Admiralty Way, Lekki Phase 1, Lagos, Nigeria