South Shore Women’s and Children’s Hospital needs to gather and use certain personal data in delivering its services and fulfilling its obligations to you. We respect the trust you repose in us in providing us with your data and we are completely committed to preserving, protecting, and safeguarding your rights in accordance with the applicable principles of data privacy.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your interaction with us by sending a message to our Data Protection Officer identified below.
What type of information do we have?
The type of information we collect includes Personal Data. Personal Data refers to any piece of information that relates to an identified or identifiable living individual or pieces of information, which if collated together can lead to the identification of an individual person. Personal Data includes data such as email address, phone number, full name, account details, home address, school history, driver's license number, bank account number, medical history, passport number, etc pertaining to a natural person. It does not include data provided anonymously.
The specific types of personal data we may collect are as follows:
- Identity Data: includes data such as first name, maiden name, last name, social media username or similar identifier, marital status, title, date of birth, next-of-kin data, biometric data and gender.
- Contact Data: includes data such as home address, email address and telephone number.
- Financial Data: includes data such as salary structure, bank information and payment information.
- Transaction Data: includes data such as details about payments to and from you and other details of products and services you have purchased from us.
- Marketing and Communication Data: includes data such as regarding your preferences in receiving marketing from us as well as your communication preferences.
How do we collect your Data?
We use different methods to collect data from, and about you including through:
(a) Direct interactions
We collect your personal data when you provide the same to us in connection with your use of, or interest in our services. You may give us your data by filling in forms or by corresponding with us by post, phone, email, or otherwise.
(b) Automated technologies or interactions
As you interact with our website, we will automatically collect technical data about your equipment, browsing actions, and patterns. We may collect this personal data by using cookies and other similar technologies.
(c) Third parties or publicly available sources
We may also receive your personal data from third parties to whom you have legally provided such data to, such as your employer, benefactors, etc. To the extent that such data is disclosed by third parties, different rules may apply to their use or disclosure of your information. We do not control how they use or share your data and we cannot make any representations or warranties as to these.
We however have control over data that you have voluntarily shared to us directly or through your usage of our website. With your consent, we use your information to fulfil requests to receive information or materials from us, to carry out services for your benefit and to process applications and requests from you.
We do not use your data for any other purpose than for the purposes listed out in this policy and we do not sell, lend or rent any personally data about you to any third parties.
Why we collect Data?
We collect data to enable us to provide our services to you; or process requests or applications which you make or are made on your behalf with your consent; or to provide you with our services.
We collect data to be able to communicate with you, to provide further information on our products and services and to assist you (mail subscriptions).
We also collect data to be able to respond to questions or requests which you submit as well as anticipate and resolve problems with any services we offer to you.
On what Lawful Basis do we Process your Data?
Under the Nigeria Data Protection Regulation 2019 (NDPR), personal data may be processed under any of the following lawful basis:
• Consent of the data subject
• Performance of a contract with the data subject.
• Legal obligation
• Vital interest of individuals
• Public interest
While we mostly collect and process your data with your consent, we may collect and process your data under any of the identified lawful basis depending on the circumstance.
How you can control your Data
In addition to being able to limit the data your directly provide to us, you also have the option of exercising any of the below rights with respect to your data:
- Request information about any of your personal data which we are processing, and request access to your personal information which we possess.
- Request correction of personal information that we hold about you to make them more accurate or to reflect change in circumstances which the personal information we possess does not reflect.
- Request us to refrain from doing certain things with your data or restrict the extent of our collection or processing of your data.
- Request partial or complete erasure of your personal information.
- Object to our processing of your personal information where we are processing your personal information for direct marketing purposes.
- Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you.
- Request the transfer of your personal information to another party.
Do we share your Data?
It may be necessary for us to share your personal data with third parties such as:
• National Health Insurance Scheme or other Regulatory Authorities
• Service Providers,
We could disclose any information about you as required by law and we may make such disclosures to law enforcement agencies and government officials, as necessary or appropriate under the relevant circumstance. Other than these instances, we do not disclose or share your personal data provided to us without your authorisation.
How we manage, store, protect, retain, or delete your information?
We have well-maintained systems for storing and managing your data, and we commit to conscientiously utilising your data in consonance with the provisions of this policy.
We have suitable security measures in place to prevent your personal data from being accidentally lost or used or accessed in an unauthorised way by a third party.
In addition, we limit access to your personal data to only those employees, agents, contractors and other third parties who need to have access to their personal data to enable us to provide our services to you. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We admit however that no database is completely secure or “hacker proof” and we only guarantee the safety of your data to the extent of our undertaking all reasonable measures to protect your data.
We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including the purposes of satisfying any legal, accounting, or reporting requirements after which we will promptly delete your data from all our databases.
Where we have no further use for your data or where we have no continue legal or business rationale to keep your data, we shall delete your data or carry out any such activities to ensure your personal information in our possession is sufficiently destroyed.
Our Contact Information
South Shore Women’s and Children’s Hospital