2nd Floor, Afriland Towers, 97/101 Broad St, Lagos.
Privacy Policy
INTRODUCTION
This Policy provides information on how the Company collects, processes, and protects your personal data when you visit our website and other related platforms (“Site”) or generally communicate with our personnel. It also explains the rights that you have in relation to your personal data.
The DPO shall be responsible for overseeing this Policy to ensure compliance with the provisions of the NDPA.
NATURE OF PERSONAL DATA WE COLLECT AND PROCESS
Avon Healthcare may collect any of the following personal data from you:
• Contact details such as your full name, postal addresses, phone numbers and email addresses.
• Demographic information such as your date of birth and gender.
• Online registration information such as your password and other authentication information.
• Payment details such as your credit card information and billing address; and
• In certain cases, your marketing preferences.
You provide this information through direct interaction when you visit our Site, sign up for our newsletters or publications, request marketing materials to be sent to you, respond to surveys, complete our feedback or comment form, provide your business card to any of our staff, sign our visitor management form, complete other forms, apply for employment through our careers page, or contact us to request for any information or other correspondence by post, email, our website or otherwise.
We automatically collect and store certain types of information regarding your use of our Site including information about your searches, views, downloads, and purchases.
Cookies
Cookies enable us to distinguish you from other users of our Site, which helps us to provide you with an improved browsing experience. The information is gained in a statistical manner for our use or advertisers’ use on our Site.
The data gathered will not identify you personally. It is strictly aggregate statistical data about our visitors and how they used our resources on the site. No identifying personal information will be shared at any time via cookies.
Close to the above, data gathering can be about general online use through a cookie file. When used, cookies are automatically placed in your hard drive where information transferred to your computer can be found. These cookies are designed to help us correct and improve our Site’s services or products for you.
You may elect to decline all cookies via your computer. Every computer has the ability to decline file downloads like cookies. Your browser has an option to enable the declining of cookies. If you do decline cookie downloads you may be limited to certain areas of our Site, as there are parts of our Site that require cookies.
Any of our advertisers may also have a use for cookies. We are not responsible, nor do we have control of the cookies downloaded from advertisements. They are downloaded only if you click on the advertisement.
USE OF YOUR PERSONAL DATA
We may use your personal data:
• To register and onboard you as a new user.
• To process and respond to your needs on our platform.
• To manage your relationship with us.
• To improve our website functionalities, products, and services.
• To comply with our legal and regulatory obligations, including verifying your identity where necessary.
• To prevent, detect, and manage risk against fraud and illegal activities.
• Any other purpose that we disclose to you in the course of providing products and services to you.
LEGAL BASIS FOR THE PROCESSING OF YOUR PERSONAL DATA
We are committed to ensuring that we legally process your personal data in our custody.
Avon Healthcare shall only process your personal data if at least one of the following conditions apply:
a. you have given your consent to the processing of his/her personal data for one or more specific purposes.
b. the processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract;
c. processing is necessary for compliance with a legal obligation to which Avon Healthcare is subject;
d. processing is necessary in order to protect your vital interests or that of another natural person;
e. processing is necessary for the purpose of the legitimate interest pursued by Avon Healthcare, or by a third party to whom the data is disclosed subject to certain conditions; and
f. processing is necessary for the performance of a task carried out in the public interest or in exercise of official public mandate vested in Avon Healthcare.
SHARING OF YOUR PERSONAL DATA WITH THIRD PARTIES
We may need to share your personal data with third parties under the following circumstances:
a. To enable provide our services to you, end to end.
b. To analyze data, provide marketing assistance, process payments, transmit content, and provide customer service.
c. To comply with applicable laws and regulations or to respond to valid legal processes, including from law enforcement or other government agencies.
d. To protect the rights of our customers, operate and maintain the security of our systems and network to ensure the preservation of life and property and prevention of fraud and cyberattack.
e. To protect the rights or property of Avon Healthcare or others, including enforcing our agreements, terms, and policies.
DATA SECURITY AND RETENTION
We take the security of your personal data in our possession seriously. In line with our commitment to protect your personal data in our possession, we have developed appropriate organizational, technical, and physical measures to protect the personal data you provide, or we collect against unauthorized access, loss or theft, as well as against any risk of loss, disclosure, copying, misuse or modification. Such measures include but are not limited to the use of secure servers, firewall, multiple factor authentication security, data anonymization, and pseudonymization (as may be necessary), data encryption, and granting access on a need-to-know basis only to employees in order to perform their job responsibilities.
Avon Healthcare will only retain your personal data under the following circumstances:
a. As long as reasonably necessary for the purpose of providing our services to you; and
b. For the period needed to comply with our legal and statutory obligations under applicable law.
YOUR RIGHTS IN RELATION TO OUR COLLECTION AND PROCESSING OF YOUR PERSONAL DATA
You are entitled to exercise the following rights in relation to your personal data collected and processed by Avon Healthcare:
a. Right to withdraw consent in relation to the processing of their personal data.
b. Right to be informed regarding their personal data.
c. Right to request for and access any personal data collected and stored by Avon Healthcare.
d. Right to request the deletion of their data.
e. Right to be informed about appropriate safeguards in place where data is transferred abroad.
f. Right to request rectification of personal data which is stored by Avon Healthcare.
g. Right to request the transmission of data from Avon Healthcare to a third party (right to the portability of data).
h. Right to object to automated decision-making and processing.
i. Right to object to direct marketing.
j. Right to request the processing of their information.
SUBJECT ACCESS REQUEST RESPONSE PROCEDURE
a. Where you wish to exercise any of your data privacy rights, you may make a formal request by completing and uploading the completed Data Subject Access Request Form (DSAR Form).
b. We shall contact you within 5 working days of the receipt of the DSAR Form to confirm receipt of the subject access request and may request additional information to verify and confirm the identity of the individual making the request.
c. On receiving any request from you, we shall record the request and carry out verification of the identity of the individual making the request using the details provided in the DSAR Form and a valid means of identification such as international passport, driver’s license, national identification card or any other acceptable means of identification.
d. Where the request is from a third party (such as a relative or your representative), we will verify their authority to act for you and may contact you to confirm their identity and request your consent to disclose the information.
e. When your identity is verified, we shall coordinate the gathering of all information collected with respect to you in a concise, transparent, intelligible, and easily accessible form, using clear and plain language with a view to responding to the specific request. The information may be provided in writing, or by other means, including, where appropriate, by electronic means or orally provided that your identity is proven by other means. We may also contact you to ask you for further information in relation to your request to speed up our response.
f. Where the information requested relates directly or indirectly to another person, we will seek the consent of that person before processing the request.
However, where disclosure would adversely affect the rights and freedoms of others and we are unable to disclose the information, we will inform you promptly, with reasons for that decision.
FEES AND TIMEFRAME
• We shall ensure that we provide you with the requested information within one month from the receipt of the request. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. However, where we are unable to act on your request, we shall inform you promptly at least within one month of receipt of the request of the reasons for not taking action and give you the option of lodging a complaint with the Nigeria Data Protection Commission (NDPC), in line with the Nigeria Data Protection Act (NDPA) and Nigeria Data Protection Regulations (NDPR).
• Where the request relates to any perceived violation of your rights, we shall take appropriate steps to remedy such violations, once confirmed. Remedies shall include but not limited to the investigation and reporting to appropriate authorities, recovering the personal data, correcting it and/ or enhancing controls around it. You shall be appropriately informed of the remedies employed.
• Any information provided to you by us shall be provided free of charge. However, where requests are manifestly unfounded or excessive in particular because of their repetitive or cumbersome nature, we may:
a. Charge a reasonable fee taking into account the administrative costs of providing the information or communication, taking the action required, or making a decision to refuse to act on the request; or
b. Write a letter to you stating our refusal to act on the request and copying the NDPC.
EXCEPTIONS TO DATA SUBJECTS ACCESS RIGHTS
• To the extent permitted by applicable laws, we may refuse to act on your request, if at least one of the following applies:
a. in compliance with a legal obligation to which we are subject.
b. protecting your vital interests or of another natural person; and
c. for public interest or in exercise of official public mandate vested in us.
REVIEW OF OUR PRIVACY POLICY
We may need to review and make necessary updates, modifications, or amendments to our Privacy Policy to ensure compliance with applicable data protection legislation including the NDPA and NDPR, or as a result of changes in our systems and processes arising from the use of technology. We will notify you of any material changes in the way we collect and process your personal data by placing a notice online or via email. Your continuous use of our services after such notice, will be construed as your consent to carry on with the processing of your personal data.
DISPUTE RESOLUTION AND COMPLAINT HANDLING MECHANISM
In line with our objective of creating a rewarding customer experience on our website and mobile application, Avon Healthcare has developed a dispute resolution and complaint handling process to ensure the effective management and timely resolution of all complaints relating to this Privacy Policy. If you have any complaints regarding this Privacy Policy, please send us an email via [email protected]. We will investigate and work towards ensuring the prompt resolution of all disputes and complaints relating to the use and disclosure of personal data in line with the provisions of the NDPA and the NDPR.
In the event that the outcome of the resolution of your complaint is unsatisfactory, you are at liberty to lodge a complaint at the NDPC.
CONTACT DETAILS OF OUR DATA PROTECTION OFFICER (DPO)
If you have any questions or inquiries relating to the collection and processing of your personal data or the exercise of your rights as a data subject under the NDPA and NDPR, please send an email to our DPO via [email protected].
