Privacy Policy

This section details how MedSift collects, uses, protects, and shares user data, including personal and health information, in compliance with applicable data protection regulations.

 

Types of Data Collected

  • Personal Information: Email, name, phone number, location.
  • Medical Information: Medical history and records set up by users.
  • Usage Data: Search history and other interactions within the platform.

 

How Data is Collected

  • Registration: Basic personal information is collected during onboarding.
  • Consultations and Prescriptions: Medical information may be collected during consultations and prescription setups.
  • User Interactions: Data from searches and other platform interactions.

 

Purpose of Data Collection

  • User Identification: To uniquely identify users and provide personalized experiences.
  • Service Improvement: To enhance the quality and functionality of services.
  • Targeted Advertising: Limited use of anonymized data (location, service categories) for relevant in-app ads, with opt-out options available.

 

Data Sharing and Third-Party Access

  • User-Authorized Sharing: Users can choose to share medical records with healthcare providers via the platform.
  • Legal Compliance: Data may be shared with government authorities upon receipt of a court order.
  • Third-Party Services: Data shared with third-party vendors (e.g., for analytics or payment processing) is limited, secure, and compliant with privacy laws. MedSift is not responsible for third-party privacy practices.

 

Data Storage and Security Measures

  • Cloud Security: All data is securely stored on cloud servers with stringent security measures.
  • Encryption: End-to-end encryption for chats and AES-256 encryption for data at rest. Data in transit is protected using TLS/SSL protocols.
  • Access Control: Role-based access control (RBAC) and multi-factor authentication (MFA) restrict access to authorized personnel only, following the least privilege principle.
  • Retention: Chats and health records are stored to facilitate future requests, retained as required by law, and securely deleted or anonymized when no longer needed.

 

User Rights

  • Creation and Access: Users can create, access, and view their personal and medical data.
  • Correction and Deletion: Users have the right to correct or delete their data, subject to legal requirements.
  • Sharing Control: Users can control the sharing of medical records with third parties.
  • GDPR Rights (for EU Users): Rights to access, rectification, erasure, restriction of processing, data portability, objection, and withdrawal of consent. Users can lodge complaints with MedSift whenever needed.

 

Cookies Policy

  • Types of Cookies:
    • Session Cookies: Temporary cookies for session continuity.
    • Persistent Cookies: Store preferences and login information for future visits.
    • Third-Party Cookies: Used for analytics and advertising, gathering anonymized data on app usage.
  • Purpose: Enhance user experience, perform analytics, and ensure functionality.
  • Management: Users can manage or disable cookies via browser or app settings, but disabling may compromise functionality.
  • Consent: By using the app, users consent to cookie usage, with options to adjust preferences.

 

Data Protection

  • Encryption: Industry-standard encryption (TLS/SSL in transit, AES-256 at rest) protects data from interception and unauthorized access.
  • Audits: Regular internal and external security audits identify and address vulnerabilities.
  • Breach Notification: A comprehensive incident response plan ensures prompt notification of affected users and authorities in case of a breach.
  • Employee Training: Training and awareness programs for employees on data protection best practices.

 

Children's Privacy

  • Age Requirement: MedSift is for users aged 18 and above. Children under 18 are prohibited from using the platform or registering accounts.
  • Parental Responsibility: Parents must monitor children's online activity and ensure login details are secure to prevent unauthorized access.
  • Consequences: Accounts accessed by minors will be suspended, funds forfeited, and misuse investigated, with potential legal action.

 

GDPR Compliance (for EU Users)

  • Legal Basis: Data processing is based on contract performance, consent, legitimate interests, or legal obligations, ensuring user rights are not overridden.
  • Data Protection Officer: Contact at medsiftng@gmail.com for GDPR-related inquiries.
  • Cross-Border Transfers: Data transfers outside the EU use adequacy decisions, Standard Contractual Clauses (SCCs), or Binding Corporate Rules to ensure GDPR compliance.

 

Health Information

  • Compliance: Adheres to Nigerian Data Protection Regulation (NDPR) and GDPR for EU users, following health information best practices.
  • Patient Rights: Full access to EMRs, control over sharing, correction of inaccuracies, and saving prescriptions to the EMR section.
  • Access Procedures: EMRs are accessible via user accounts. Providers must verify identity via virtual calls before sharing records and use the secure chat system for prescriptions and results.
  • Security: Encrypted health data, restricted access to approved providers, and patient responsibility for password protection.

 

In-App Advertising

MedSift uses non-personally identifiable information (location, service categories) to deliver targeted health-related ads (banner, video, search, in-app). Advertisers must comply with local laws (e.g., ARCON) and MedSift's guidelines, which prohibit misleading, offensive, or non-health-related content. Users can report inappropriate ads for review and potential removal.

 

Transparency Report

  • Requests Handled: MedSift processes government, law enforcement, and civil litigation requests for data, ensuring compliance with NDPR and GDPR.
  • Process: Requests are reviewed for legality, limited in scope, and users are notified where permitted. Invalid requests are challenged.
  • Reports: Semi-annual Transparency Reports detail the frequency and nature of requests, balancing transparency with user security and legal constraints.

 

Limitations and Disclaimers

  • Data Security: No system is completely secure. MedSift is not liable for unauthorized access or data loss despite robust measures, except in cases of gross negligence.
  • Cookies: Disabling cookies may compromise functionality. MedSift is not liable for issues arising from third-party cookies.
  • Third-Party Services: MedSift is not responsible for third-party privacy practices or content.
  • User Responsibility: Users must protect login credentials and report unauthorized access promptly.

 

Contact Information

For privacy concerns, contact MedSift at medsiftng@gmail.com or +234-701-352-7505.