One Global Medical Technology Ltd (“Helium Health”, “We”, “Us”, or “Our”) is a Medtech company established to transform Africa’s healthcare sector by providing cutting-edge technology solutions for all healthcare stakeholders in emerging markets. Various services are provided by our team to healthcare specialists and patients.
This Privacy Notice (“Notice”) governs your use of our website https://www.heliumhealth.com/ (“the Website”) and Helium EMR (referred to as the “Services”). We provide this Notice because you have a right to know what information we collect, why we collect it, how it is protected and used, and the circumstances under which it may be disclosed.
- Your data that we process
Personal data is any information about an individual that can be used to identify that person directly or indirectly. For example, while using the website, we process personal information from you to contact or identify you, and some information may be collected automatically for our website to function properly. We obtain the following information from you or through third parties:
|Health Care Providers/Specialists
|• Full name of the person registering
• Name of the healthcare facility
• Country of Residence
• Email address
• Phone number
• Full names of medical professionals
• Medical qualification
• Type of facility
• Financial details
|• Full name of the patient
• Email address of the patient
• Phone number
• Medical record/status
• Home address
• Financial details
|• Search queries
• The IP address used to connect your device to the internet for identification purposes
• Name of the Internet service provider (ISP)
• Date and time of visit
• Web pages visited, duration, and frequency of visits
• Browsing Behaviour
• Device ID
- Sensitive Personal Data
We process sensitive personal data, such as patients’ health information, only when we have a lawful basis or upon instructions from users of our various solutions.
We offer a range of products connected to this website, and we may also collect information from you while you use any of these products. These include:
a. Data and Insights: This product provides access to detailed health data and insights, aiming to unify Africa’s fragmented healthcare data ecosystem through digital health tools and an expanding network of stakeholders.
b. HeliumCredit: This product is a loan facility that allows healthcare facilities access to financial options that suit their needs. You can read HeliumCredit’s privacy notice here.
c. HeliumDoc: This product brings together top doctors and other healthcare professionals under one roof and provides a wide range of healthcare services, including but not limited to doctor and treatment search, in-clinic appointment booking, and telemedicine. You can read HeliumDoc’s privacy notice here.
d. HeliumOS: This product provides end-to-end digitalisation of medical records and hospital operations, which allows healthcare providers to access critical patient information quickly and easily.
e. HeliumWallet: This is an advanced payment processing platform that enables providers to process and manage payments from health management organisations and private patients.
f. Helium Mum: an Antenatal Risk Stratification (“ARS”) program, aimed at strengthening a newly developed ARS tool, that can provide differentiated care to pregnant women in Nigeria by early identification of the health risk levels for such women and determining healthcare plans for them.
- Cookies and tracking technologies
- Lawful Bases for processing data
We are required to process your data on at least one of these lawful bases as specified under the relevant data protection laws:
- Legitimate interest: Processing your data is necessary for our legitimate interests or the legitimate interests of a third party, provided the legitimate interest does not outweigh the data subject’s rights.
- Consent: You have given explicit consent for us to process your data for a specific purpose.
- Contract: If the data processing is necessary for a contract with us or because we have asked you to take specific steps before entering that contract.
- Legal obligation: If the processing of your data is necessary where there is a statutory obligation on us.
- Purpose of Processing Your Data and the Lawful Bases
|Purpose of Processing
|▪ To help us develop, improve, customise, or restructure our services.
▪ To inform you whenever there are changes to our terms of business or services.
▪ To take statistical data and analytics for our internal use.
▪ To analyse site usage and provide, maintain, and improve the content and functionality of the website.
|▪ To send marketing or promotional messages to you
▪ To manage the personal/sensitive data of patients.
|▪ To secure your data and prevent fraud
|Legitimate interest, legal obligation
|▪ To send you service-related messages.
▪ To manage your account.
▪ To administer our services through any of our products you opt to use.
▪ To enforce our terms of service and any terms and conditions of any other agreements for our services.
▪ To communicate with you and ensure user support.
▪ To address your inquiries, process registration, and complete transactions.
|▪ To interact with regulatory authorities or other public authorities concerning you.
- Your Rights as a Data Subject
The law vests you with certain rights as a data subject. They include the right to:
- access personal data we hold about you by requesting a copy of the personal data we hold about you;
- rectify such information where you believe it to be inaccurate;
- restrict the processing of your data in certain circumstances;
- object to the processing of your data where we intend to process such data for marketing purposes;
- where feasible, receive all personal data you have provided to us—in a structured, commonly used, and machine-readable format—and transmit the information to another data controller;
- request the erasure of your data (also known as the right to be forgotten);
- withdraw your consent to the processing of your data; and
- not be subjected to a decision based solely on automated processing or profiling; and
- lodge a complaint with the regulatory authority where you have reason to believe that we have violated this Privacy Notice’s term(s). (You may complain or seek redress from us within 30 days from when you first detected the alleged violation.)
You may seek to exercise any of the above rights at any time by emailing us at email@example.com.
- Who do we disclose data to
We may share your data with third parties depending on the product you wish to use. To find out who we share your data with and why, please read the privacy notice for that specific product. When using our website, we share your data with the following third parties:
|Purpose of data sharing
|We use CookieYes to customise our cookie banner, record user consent and manage all our cookie compliance needs. You can read their privacy notice here.
|We use Google Tag Manager to centrally manage all user tracking codes. Read their privacy notice here.
|We use Intercom to communicate with users on the website and provide customer service support. Read their privacy notice here.
|We collaborate with various financial institutions to develop and market our product, and we may only use this information to market-related products unless the customer has given consent for other uses.
|Legal and Regulatory Authority
|We may disclose your personal information if we believe it is reasonably necessary to comply with a law, regulation, order, subpoena, audit, or to protect any person’s safety, or to address fraud, security, or technical issues.
|We will share your personal data with service providers in order for them to provide services to us, such as payment processing service providers, to conduct data processing on our behalf, or for data verification, centralisation, or logistics purposes.
- Retention of your data
The personal data we process will be stored for as long as necessary to fulfil the purposes described in this Notice. However, we will also retain personal data subject to relevant provisions of applicable laws, to resolve disputes, prevent fraud and abuse, and enforce our legal agreements and policies. In addition, we delete your data for targeted marketing purposes once you unsubscribe from our marketing communications.
Please note that your data may be retained for a longer period, notwithstanding your request to remove it, where there is a legal requirement to do so.
- Security of data
We prioritise your privacy and use advanced measures to protect your data. While no online platform is entirely foolproof, we are dedicated to safeguarding your information against loss, misuse, and unauthorised access. If a significant breach occurs, we will promptly inform you and act swiftly to address it.
- International transfer of data
We transfer your personal information to foreign countries because we are a multinational corporation with subsidiaries in different countries. When transferring personal information to a country other than where we operate, we will take additional precautions to ensure its adequate protection.
To conduct international data transfers, we comply with applicable local laws and regulations in the countries we operate. This includes transferring data to countries deemed adequate under applicable laws, obtaining licences or approvals from the relevant authority, maintaining appropriate documentation, obtaining explicit consent, and performing contractual obligations. Furthermore, we can transfer when we have a legal obligation, need to establish or defend a legal claim, or there is a public interest obligation.
In addition, we take additional precautions for the onward transfer of data and the selection of trustworthy third parties and service providers in third countries.
Please contact us to obtain relevant information regarding your data transfers to third countries (including the appropriate transfer mechanisms).
- Marketing and communications
We only send marketing communications to you with your consent. You can opt-out of our marketing or object to further processing by clicking on the ‘unsubscribe’ button at the bottom of the page.
If you have any inquiries or complaints, please contact our Data Protection Officer (DPO) at firstname.lastname@example.org. Our DPO will examine your concerns and update you on the resolution process.
- Changes to this Notice
We update our privacy notice occasionally. We will notify our users when we make a change, and visitors will know this by checking the last date of the update on this page whenever they visit.
- Contact Us
If you have any questions relating to this Notice, or your rights under this Notice, or are not satisfied with how we manage your personal data, kindly reach out to our Data Protection Officer at email@example.com.
Last Updated: December 2023