PRIVACY POLICY

International Health Management Services Limited

PRIVACY NOTICE

Effective Date: January 2024

International Health Management Services Limited (“the Company”) is committed to protecting your personal data in line with the Nigeria Data Protection Act (NDPA) 2023, applicable regulations, and our internal privacy and security policies. This Privacy Notice explains how we collect, use, disclose, transfer, and safeguard your personal data, as well as your rights under the law.

  1. Personal Data We Collect

We may collect and process personal data including, but not limited to:

  • Identification data (name, date of birth, gender, nationality, ID numbers, photographs).
  • Contact details (address, phone number, email).
  • Employment-related data (position, work history, qualifications).
  • Financial information (bank details, tax information).
  • Digital/IT data (IP address, device details, access logs).
  • Sensitive personal data (e.g., health, biometric, racial/ethnic data, political opinions, religious beliefs, or sexual orientation), only were necessary and permitted by law.
  1. Purposes of Processing

We collect and process personal data through secure systems for the following lawful purposes:

  • Compliance with the NDPA 2023 and other applicable laws/regulations.
  • Management of employees, contractors, customers, and third-party relationships.
  • Legal and regulatory compliance, risk management, and reporting obligations.
  • Fulfilment of statutory obligations to government agencies.
  • Protection of Company integrity, security, and reputation.
  • Safeguarding vital interests of individuals or the public.
  • Performance of contracts and provision of services.
  • Other lawful business-related purposes consistent with this Notice.
  1. Lawful Bases for Processing

We process personal data based on one or more of the following lawful bases as provided under the NDPA 2023:

  • Consent of the data subject.
  • Performance of a contract or pre-contractual steps.
  • Compliance with legal obligations.
  • Protection of vital interests of individuals.
  • Legitimate interests pursued by the Company, provided these do not override data subject rights.
  • Public interest or official authority (where applicable).
  1. Sharing and Disclosure of Data

We may disclose personal data to:

  1. Government Ministries, Departments, Agencies, and Regulatory Bodies – for compliance, reporting, or lawful requests.
  2. Authorized Data Processors and Service Providers – who act on our instructions and are bound by confidentiality and data protection obligations.
  3. Third-Party Partners – providing statutory, employment, or contractual benefits and services.
  4. Law Enforcement or Courts – where required by law.
  5. Emergency Services or Authorities – in cases of urgent protection of life, safety, or vital interests.
  6. Cross-Border Transfers – where necessary, subject to NDPC adequacy decisions, safeguards, or other lawful mechanisms.
  1. Data Subject Rights

Under the NDPA 2023, you have the right to:

  • Request access to your personal data.
  • Request information about your personal data
  • Request rectification of inaccurate or incomplete data.
  • Request deletion (“right to erasure”) in certain circumstances.
  • Restrict or object to processing.
  • Request data portability.
  • Withdraw consent at any time (where consent is the lawful basis).
  • Lodge a complaint with the Nigeria Data Protection Commission (NDPC).

Requests can be submitted through the contact details provided below.

  1. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable laws and regulations. Thereafter, data will be securely deleted or anonymized.

  1. Data Security & Safeguards

We take reasonable steps to ensure that personal data is accurate, complete, and up to date. Personal data is protected through appropriate technical, administrative and physical measures to prevent unauthorized access, loss, misuse or abuse, disclosure, alteration or destruction

  1. Accountability & Governance
  • International Health Management Services Limited has appointed/designated a Data Protection Officer (DPO) to oversee compliance.
  • All staff handling personal data receive regular training on privacy and security obligations.
  • Processing activities are documented and subject to periodic data protection audits in line with NDPC requirements.
  1. Contact Information

If you have any questions, concerns, or requests regarding your personal data, please contact:

Data Protection Officer
International Health Management Services Limited
33, Bishop Oluwole Street Victoria Island, Lagos, Nigeria.

Tel: (234) 9139695400

E-mail: rola@ihmsnigeria.com

              aogunsola@ihmsnigeria.com