Privacy Notice

  1. Introduction

One Global Medical Technology Ltd (“Helium Health”, “We”, “Us”, or “Our”) is a Medtech company established to transform Africa’s healthcare sector by providing cutting-edge technology solutions for all healthcare stakeholders in emerging markets. Various services are provided by our team to healthcare specialists and patients.

This Privacy Notice (“Notice”) governs your use of our website https://www.heliumhealth.com/ (‘the Website”), and any other software, online platform, website, mobile or tablet application or domains used to provide our services, including but not limited to Helium EMR, HeliumPay, HeliumCredit, Helium Cover, Helium Care Provision, and MyHelium (referred to as the “Services”). We provide this Notice because you have a right to know what information we collect, why we collect it, how it is protected and used, and the circumstances under which it may be disclosed. 

  1. Terms of Use

You are required to comply with the provisions of our Terms of Use in relation to the information provided.

  1. Your data that we process

Personal data is any information about an individual that can be used to identify that person directly or indirectly.  For example, while using the website, we may request personal information from you in order to contact or identify you, and some information may be collected automatically in order for our website to function properly. We also collect personal data from third-party sources or through your use of our services. We obtain the following information:

Health Care Providers/SpecialistsPatientsAll visitors
Full name of the person registering
Name of the health care facility 
Country of Residence
Email address
Phone number
Full name of medical professionals
Medical qualification
Type of facility
Location 
Financial details
Full name of the patient
Sex
Email address of the patient
Phone number
Age
Medical record/status
Home address
Country Gender Language
Financial details
Search queries;
The IP address used to connect your device to the internet for identification purposes;
Login email address and password;
Name of the internet service provider (ISP);
Date and time of visit;
Web pages visited, duration, and frequency of visits
Browsing Behaviour 
Device ID
  1. Sensitive Personal Data 

Sensitive personal data includes data pertaining to religious or other beliefs, sexual orientation, health, race, ethnicity, political views, trade union membership, criminal records, and any other sensitive personal information. We will only process sensitive personal data (health data) of patients on behalf of health care providers with the patients’ express consent or in order to fulfil the healthcare facility’s and care provider’s obligation to provide care service. 

  1. Cookies

Cookies are tools used to automatically collect information from you when you visit our website. We use cookies, and information about their usage is specified in our Cookie Notice

  1. Lawful Bases for processing data

We are required to process your data under at least one of these lawful bases:

  • Legitimate interest: Processing your data is necessary for our legitimate interests or the legitimate interests of a third party, provided your rights and interests do not outweigh those interests.
  • Consent: You have given explicit consent for us to process your data for a specific purpose.
  • Contract: If the data processing is necessary for a contract with us or because we have asked you to take specific steps before entering that contract.
  • Legal obligation: If the processing of your data is necessary where there is a statutory obligation on us.
  1. Purpose of Processing Your Data and the Lawful Bases

We collect your data:

Purpose of ProcessingLawful Bases
To administer our businessTo help us to develop, improve, customise or restructure our servicesTo enforce our terms of service and any terms and conditions of any other agreements for our services.Legitimate interest, contract

To send marketing or promotional messages to youTo install non-strictly necessary cookies on your deviceTo manage personal/sensitive data of patients.Consent
To take statistical data and analytics for our use internally To send you service-related messagesTo analyse Site usage and provide, maintain and improve the content and functionality of the SiteLegitimate interest
To secure your data and prevent fraudLegitimate interest, legal obligation
To manage your account.To communicate with you and for patient support.To recommend and match you with a patient.To recommend your expert services to potential clients/patients.To address your inquiries, process your registration, and complete your transactions.To enable an easy and effective  payment system.Contract
To inform you whenever there are changes to our terms of business or servicesLegal obligation, contract
To fulfil our Know Your Customer (KYC) obligation.To interact with regulatory authorities or other public authorities concerning youLegal obligation
  1. Your Rights as a Data Subject

The law vests you with certain rights as a data subject. They include the right to:

  1. access personal data we hold about you by requesting a copy of the personal data we hold about you;
  2. rectify such information where you believe it to be inaccurate;
  3. restrict the processing of your data in certain circumstances;
  4. object to the processing of your data where we intend to process such data for marketing purposes;
  5. where feasible, receive all personal data you have provided to us—in a structured, commonly used, and machine-readable format—and transmit the information to another data controller;
  6. request the erasure of your data (also known as the right to be forgotten);
  7. withdraw your consent to the processing of your data; and
  8. lodge a complaint with a relevant authority where you have reason to believe that we have violated the term(s) of this Privacy Notice. (You may complain or seek redress from us within 30 days from when you first detected the alleged violation).

You may seek to exercise any of the above rights at any time by sending us an email at dataprivacy@heliumhealth.com

In the event of a complaint, users may direct such a complaint to the appropriate supervisory authority in their respective country.

  1.  Who we share your data with

The following third party is the entity we share .your data with:

Third PartiesPurpose of data sharing
Google AnalyticsWe use various Google APIs and services for our Website’s operation. Read Google’s Privacy Notice here.
HotjarWe use it to analyse how users interact with our website. Read Hotjar’s Privacy Notice here.
IntercomWe use their service to communicate with users and provide conversational support. Read Intercom’s Privacy Notice here.
Meta (Facebook)We use their service to measure ad impressions and to provide advertising and site analytics services. Read Meta’s Privacy Notice here.
Financial Institution(s)We collaborate with various financial institutions to develop and market our product, and we may only use this information to market-related products unless the customer has given consent for other uses.
Legal and Regulatory AuthorityWe may disclose your personal information if we believe it is reasonably necessary to comply with a law, regulation, order, subpoena, audit, or to protect any person’s safety, or to address fraud, security, or technical issues.
Service ProvidersWe will share your personal data with service providers in order for them to provide services to us, such as payment processing service providers, or to conduct data processing on our behalf, or for data verification, centralisation, or logistics purposes.

Note that if you wish to prevent your device’s operating system from sharing your personal data with Helium Health or with the third parties mentioned for profiling purposes, you can do so by setting up your device appropriately – namely, by changing the privacy settings on your device to disable/restrict any advertising tracking features. For more information on this, please see the following links:

  1. Retention of your data

The data and any other information we collect from you will be stored for as long as necessary to fulfil the purposes described in this Notice.

However, we will also retain data subject to relevant provisions of applicable laws, resolve disputes, prevent fraud and abuse, and enforce our legal agreements and policies. In addition, we delete your data for targeted marketing purposes once you unsubscribe from our marketing communications.

Please note that your data may be retained for a more extended period, notwithstanding your request to remove your data, where there is a legal requirement to do so.

  1. How your data is stored and secured

We are very particular about preserving your privacy and protecting your data. We deploy reasonable and appropriate technical and organisational measures to keep your data safe. However, we cannot completely guarantee the security of any information you transmit via our website, as the internet is not an entirely secure place. Nevertheless, we are committed to doing our best to protect you.

We protect your data using physical, technical, and administrative security measures to reduce the risks of loss, misuse, unauthorised access, disclosure and alteration.

Where there is an actual or suspected data breach capable of causing harm to your rights and freedoms, we will notify you without undue delay and use our best effort to remedy the breach promptly.

  1. International transfer of data

We transfer your personal information to foreign countries because we are a multinational corporation with subsidiaries in different countries. When transferring personal information to a country other than where we operate, we will take additional precautions to ensure its adequate protection.

To conduct international data transfers, we comply with applicable local laws and regulations in the countries we operate. This includes transferring data to countries deemed adequate under applicable laws, obtaining licences or approvals from the relevant authority, maintaining appropriate documentation, obtaining explicit consent, and performing contractual obligations. Furthermore, we can transfer when we have a legal obligation, need to establish or defend a legal claim, or there is a public interest obligation.  

In addition, we take additional precautions for the onward transfer of data and the selection of trustworthy third parties and service providers in third countries.

Please contact us to obtain relevant information regarding your data transfers to third countries (including the appropriate transfer mechanisms).

  1. Marketing and communications

We only send marketing communications to you with your consent. You may opt-out of our marketing or object to further processing by clicking on the ‘unsubscribe’ button at the bottom of the page.

  1. Complaints

If you are concerned about an alleged breach of data protection law or any other regulation by us, you can contact the Data Protection Officer (DPO) at dataprivacy@heliumhealth.com. The DPO will investigate your complaint and provide information about how your complaint is handled.

Please be informed that you may complain to the relevant data protection authority if your complaints are not satisfactorily addressed.

  1. Changes to this Notice

We update our privacy notice from time to time. We will notify our users when we make a change, and visitors will know this by checking the last date of update on this page whenever they visit.

  1. Contact Us

If you have any questions relating to this Notice, your rights under this Notice, or are not satisfied with how we manage your personal data, kindly reach out to our Data Protection Officer at dataprivacy@heliumhealth.com or email us at support@heliumhealth.com.

Last Updated: November 2022