Bonitas
Privacy

Privacy Policy

This Privacy Policy between Bonitas Health Maintenance Limited (233490), a Health Maintenance Organisation with registered office at 10 Birabi Street Port Harcourt, Rivers state (hereinafter referred to as the "Bonitas Health") and You, constitues our commitment to your privacy on our administrative records, websites, social media platforms, and premises.

The words "we", "us" or "our" in this privacy policy, refers to Bonitas Health Maintenance Limited.

Whereas:
  • We provide this Data Privacy to achieve our responsibilities under the Nigerian Data Protection Regulation (NDPR) which requires greater accountability and transparency from organizations regarding your personal information, and which gives you greater control over how we use it.
  • This Data Privacy Policy, therefore, clarifies how and when we collect personal data from and about you, why we do so, and how we treat this information and serves as a guide as to how personal data is managed by Bonitas Health. It also educates your rights concerning the collection of personal information and how you can exercise those rights.
1.0Your Privacy Rights

1.1This Privacy Policy describes your privacy rights regarding our collection, use, storage, sharing, and protection of your personal information.

1.2

You can exercise the following rights concerning your Personal Data with Bonitas Health:

  • Right to be informed - Organisations must tell individuals, what data of theirs is being collected, how it's being used, how long it will be kept and whether it will be shared with any third parties.
  • Right of access by the data subject - You have the right to request access to your data. This can be done by contacting Bonitas Health via the contact details in paragraph 12.0 below.
  • Right to withdraw consent - Where we have collected your data based on consent, you have the right to withdraw your consent at any time. Note that this could affect our ability to provide you with services.
  • Right to rectification - You have the right to have your data rectified where inaccuracies or incompleteness have been identified.
  • Right to erase (Right to be forgotten) - When we process personal data it is normally because there is a statutory basis for processing. In case we receive a request from you looking to excerise your right to erasure, we will assess whether the data can be erased without affecting our ability to provide future services to you or fulfill statutory obligations.
  • Right to restriction of processing - You can ask us to restrict the processing of your personal information in certain circumstances. We will implement and maintain appropriate proedures to assess whether a request to restrict the processing of your data can be implemented. Where the request for restriction of processing is carried out, then we will write to you to confirm the restriction has been implemented and when the restriction is lifted.
  • Right to data portability - Bonitas Health processes personal data it collects because there is normally a statutory basis for the processing. Where personal data on data subjects have been collected by consent or by contract, the data subjects have a right to receive the data in electronic format to give to another data controller.
  • Right to object - You have a right to object to the processing of your data in specific circumstances. Where such an objection is received, we will assess each case on its merits.
  • Right to complain - Bonitas Health will implement and maintain a complaints process whereby you will be able to contact the Data Protection Officer. The Data Protection Officer will work with you to bring the complaint to a satisfactory conclusion for both parties.

2.0Your Personal Information

2.1We collect personal data through the information you provided us or an affiliate on an application form for health plan coverages; when you use the Bonitas health Services; when you request further information about our products; when you apply for a job through our website; or when you contact us through any other means inluding information sent to us by your computer, mobile phone or other electronic access devices. We also collect information provided by your physician or other health care practitioner, your employer, or through all other related sources.

2.2By the use of our website, automatically collected information includes but is not limited to data about the pages yoy access, computer IP address, device ID or unique identifier, device type, geo-location information, computer and connection information, mobile network information, statistics on page view, traffic to and from the sites, referral URL, ad data, standard web log data, still and moving images.

2.3Generally, the personal data collected includes (but is not limited to) your name, address, phone number, national identity number, date of birth, age, sex, height and weight, occupation, health habits, and general medical information. It could also include accident and injury dates.

2.4We may also collect the information you provide us including but not limited to information on a web form, survey responses account to account to update information, email address, phone number, the organization you represent, official position, correspondence with Bonitas Health support services, and telecommunication with Bonitas Health. We may also collect information about your transactions, inquiries, and your activities on our platform or premises.

2.5We may also use the information provided by third parties like social media sites. Information about you provided by other sites is not controlled by Bonitas Health and we are, therefore, not liable for how such third parties use your information.

2.6We may also automatically collect some technical information when you visit our website, such as IP address and information about your visit such as pages that you viewed. This information assists us to understand customer interests and aids us to improve our website.

2.7If you have created a username, identification code, password, or any other piece of information as part of access security measures, you must treat such information as confidential, and you must not disclose it to any third party.

2.8We reserve the right to disable any user identification code or password, whether chosen by you or allocated by us, at any time, if in our opinion you have failed to comply with any of the provisions of this privacy policy.

3.0Consent

3.1You accept this privacy policy when you give consent upon access ot our platforms, or use our services, content, features, technologies or functions offered on our website, digitial platforms or visit any of our offices for official or non-official purposes (collectively the "Bonitas Health Services").

3.2You also acknowledge that by completing and signing our registration form for any of our health plans, you have given consent to Bonitas Health HMO to request or inspect medical and other records maintained by your selected hospital for case management and complaint resolution purposes.

3.3This privacy policy governs the use of the Bonitas Health Services by our users and stakeholders unless otherwise agreed through a written contract. We may amend this privacy policy at any time by posting a revised version on our website or placing such notice at conspicuous points at our office facilities. The current version of this policy was last update 13th June 2024. The revised version will be effective 7 days after publication.

4.0Usage of Personal Data

4.1

We use your personal information to fulfill our contractual obligations with you i.e., to perform transactions and functions necessary to implement and administer the health plan benefits purchased from us. On occasion, your personal information is also used for reporting or other functions. These functions include but are not limited to:

  1. processing applications and sending notices about your transactions to requisite parties;
  2. verifying your identity;
  3. resolving disputes, collecting fees, and troubleshooting problems with any services we offer to you;
  4. managing risk, or detecting, preventing, and/or remediating fraud or other potentially prohabited or illegal activities;
  5. improving Bonitas Health Services by implementing aggregate customer or user preferences;
  6. measuring the performance of Bonitas Health Services and improving content, technology and layout;
  7. tracking information breach and remediating such identified breaches;
  8. contacting you at any time through your provided telephone number, email address or other contact details;
  9. to provide further information on our products and services (mail subscriptions);

4.2Although we will only use personal data for the purpose for which we collected it, if there is a need to use your data for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so. We may anomyize your personal data so that it can no longer be associated with you in which case it is no longer personal data.

5.0Cookies

Cookies are small files placed on your computer's hard drive that enables the website to identify your computer as you view different pages. Cookies allow websites and applications to store your preferenced in order to present contents, options or functions that are specific to you. Like most interactive websites, our website uses cookies to enable the tracking of your activity for the duration of a session. Our website uses only encrypted session cookies which are erased either after a predefined timeout period or once the user logs off the platform and closes the browser. Session cookies do not collect information from the user's computer. They will typically store information in the form of a seesion identification that does not personally identify the user.

6.0How we protect your personal information

We store and process your personal information on Bonitas Health's database. Where we need to transfer your data to another country, such country must have an adequate data protection law. We will seek your consent where we need to send your data to a country without an adequate data protection law. We protect your information using physical, technical, and administrative security measures to reduce the risk of loss, misuse, unauthorized access, disclosure, and alteration. Some of the safeguards we use are firewalls and data encryption, physical access controls to our data centers, and information access authorization controls. We will notify you and any appilcable regulator of a breach where we are locally required to do so.

Nonetherless, we admit that no database is absolutely secure, and we only guarantee the safety of your data to the extent of our undertaking all reasonable measures to protect your data.

7.0How we share your information within Bonitas health and with other users

7.1We respect your privacy and limit the disclosure of personal data to third parties. We do not sell, give or trade any personal data that we obtain from you to any third party for data mining or marketing purposes. However, we work with third parties to perform our Services. In doing so, we may share any of the information we collect about you with third parties, namely the National Health Insurance Scheme or other Regulatory Authorities and other service providers (such as hospitals) that perform other services on our behalf, including administrative services. We may also disclose any of the retained to audit medical records and billings.

7.2The type and the amount of information we share with others is limited to what is necessary to implement and administer the health plan you have with us, or as otherwise permitted or required by law.

7.3You accept that your pictures and testimonials on all social media platforms about Bonitas Health can be used for limited promotional purposes by us. This does not include your trademark or copyrighted materials.

7.4From time to time we may send you relevant information such as news items, enforcement notices, statuorily mandated notices, and the essential information to aid the implementation of our mandate. We may also share your personal information in compliance with national or international laws, crime prevention, and risk management agencies and service providers.

8.0Data protection principles

In line with the Nigerian Data Protection Regulation 2019 (NDPR), personal data may be processed under any of the following lawful basis: Consent of the data subject, performance of a contract with the data subject, legal obligation, vital interest of individuals and public interest.

Although we mostly collect and process your data with your consent, we may collect and process your data under any of the identified lawful basis depending on the circumstance.

Futhermore, all processing of personal data shall be conducted in accordance with the data protection principles set out in part 2 of the Nigerian Data Protection Regulations. In addition, our policies and procedures are designed to ensure compliance with the following principles:

  • Lawful - the legal basis for processing personal data is normally based on relevant legislation. We are permitted by law to process information for administrative schemes, statutory schemes and core functions. Where there is no statutory basis, then we will request your consent at the time that the information is collected.
  • Fairly - For processing to be fair, we have to make certain information available to you. This applies whether the personal data was obtained directly from you or other sources.
  • Transparently - We will provide a Data Privacy Policy upfront whenever you are sharing personal information with Bonitas Health. We will ensure that the information provided is detailed and specific, and that the information is written in plain English which will be understandable and accessible.
9.0Security and Retention of Your personal Data

9.1We maintain physical, electronic, and procedual safeguards to protect your personal information. We access and use your personal information to the extent necessary to administer the health plan services you are entitled to. We establish confidentiality agreements with contracted parties that receive non-public personal financial and health information about you. We restrict access to your non-public personal, financial, and health information to those employees who need to know that information to administer the product or service you purchased from us.

9.2To prevent unauthorized access to your information, we have implemented strong controls and security safeguards at the technical and operational levels. Our website uses Secure Sockets Layer/Transport Layer Security (SSL/TLS) to ensure secure transmission of your Personal Data. You should see the padlock symbol in your URL address bar once you are successfully logged into the platform. The URL address will also start with https:// depicting a secure webpage. SSL applies encryption between two points such as your PC and the connecting. Any data transmitted during the session will be encrypted before transmission and decrypted at the receiving end. This is to ensure that data cannot be read during transmission.

9.3Bonitas Health has also taken measures to comply with global Information Security Management Systems. We have, therefore, have put in place digital and physical security measures to limit or eliminate possiblities of data privacy breach incidents.

9.4Personal data will be retained for as long as necessary to fulfill the purpose for which it was collected and processed including the purpose of satisfying any legal, regulatory, accounting, or reporting requirements. For the appropriate retention period, consideration will be given to the amount, nature, and sensitivity of the Data, potential risk of harm from unauthorized use or disclosure, and appilcable legal requirements.

9.5Upon expiry of the applicable retention period, we will securely destory your Personal Data in accordance with applicable laws and regulations.

10.0Links to Other Websites and Premises

10.1Certain transaction processing channels may require links to websites or organizations other than ours. Please note that Bonitas Health is not responsible and has no control over website outside its domain. We do not monitor or review the content of other party's websites that linked from our website or media platforms.

10.2Opinions expressed or materials appearing on such websites are not necessarily shared or endorsed by us, and Bonitas Health should not be regarded as the publisher of such opinions or materials.

10.3Please be aware that we are not responsible for the privacy practices, or content of these sites.

10.4We encourage our users to be aware of when they leave our site and to read the privacy statements of these sites. You should evaluate the security and trustworthiness of any other site connected to this site or accessed through this site yourself, before disclosing any personal information to them.

10.5Bonitas Health will not accept any responsiblity for any loss or damage in whatever manner, howsoever caused, resulting from your disclosure to third parties of personal information.

11.0Governing Law

This privacy policy is made pursuant to the Nigeria Data Protection Regulation 2019 and other relevant Nigerian laws, regulations, or international conventions applicable to Nigeria. Where any provision shall be subject to the overriding law, regulation, or convention.

12.0Changes to Privacy Notice

Due to constant changes in technology and regulatory requirements, we may need to change our privacy notice or update it from time to time. The most recent version can always be accessed on the website.

13.0Contact

13.1If you know or suspect that anyone other than you know your security details, you must promptly notify us at care@bonitashmo.org

13.2For further inquries or complaints, you can contact our Customer Service at 0000000000. If you are an employer representative, you can call the Call Centre +234(0)17120263