Privacy Policy

Promise Medical Centre Ltd ("PMC", "we", "us") is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your personal and health information when you use our website or book an appointment with us, in accordance with the Nigeria Data Protection Act 2023 (NDPA).

1. Data Controller

Promise Medical Centre Ltd
132 Dopemu Road, Agege, Lagos, Nigeria
19 Plaza Road, Sango-Ota, Ogun State, Nigeria
Email: info@promisemedicalcentre.org
Phone: +234 703 438 9645

2. Information We Collect

2.1 Information you provide directly

Appointment booking: full name, phone number, email address (optional), department, preferred doctor, date and time, and payment method.
Contact form: name, email, phone, and message.
Newsletter: email address.

2.2 Information collected automatically

Technical data: IP address, browser type, device type, pages visited, and time of visit — collected via server logs.
Session data stored in your browser's sessionStorage to preserve your booking form if your connection drops mid-session. This data is never sent to our servers and is cleared when the tab closes.

3. Legal Basis for Processing

Purpose	Legal Basis (NDPA s.25)
Processing your appointment booking	Performance of a contract / pre-contractual steps
Sending confirmation emails	Legitimate interest + consent (you provided your email)
Newsletter subscription	Consent (opt-in)
Improving our website	Legitimate interest
Legal and compliance obligations	Legal obligation
Health / medical data	Explicit consent + vital interests of the data subject

4. How We Use Your Information

To book, confirm, and manage your appointment.
To send you an appointment confirmation email (where you provided an email address).
To send our health newsletter (where you opted in — unsubscribe at any time).
To improve our website and services.
To comply with legal, regulatory, and clinical record-keeping obligations.
To respond to enquiries submitted through the contact form.

We do not use your information for automated decision-making or profiling that produces legal effects.

6. Data Retention

Appointment records: retained for 6 years from the date of the appointment, in line with medical records regulations.
Contact enquiries: retained for 2 years.
Newsletter subscriptions: retained until you unsubscribe, after which we keep a suppression record for 1 year.
Server access logs: retained for 90 days.

7. Your Rights

Under the NDPA 2023, you have the right to:

Access your personal data we hold about you.
Rectification of inaccurate data.
Erasure ("right to be forgotten") where there is no lawful reason to retain it.
Restriction of processing in certain circumstances.
Data portability — receive your data in a structured, machine-readable format.
Object to processing based on legitimate interests.
Withdraw consent at any time, without affecting the lawfulness of prior processing.

To exercise any of these rights, email info@promisemedicalcentre.org with "DATA REQUEST" in the subject line. We will respond within 21 days.

You also have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) at info@ndpc.gov.ng.

8. Security

We implement industry-standard technical and organisational measures to protect your data, including:

AES-256 encryption at rest (Supabase).
TLS encryption in transit (HTTPS enforced).
Role-based access controls and Row Level Security (RLS) on all database tables.
HTTP security headers (HSTS, CSP, X-Frame-Options).
All admin actions are logged to an immutable audit trail.

If you believe your data has been compromised, contact us immediately at info@promisemedicalcentre.org.

9. Cookies

We use a small number of essential cookies to keep your session secure and remember your preferences. For full details, see our Cookies Policy.

10. Children

Our online appointment booking service may be used to book appointments on behalf of minors by their parent or legal guardian. We do not knowingly collect personal data directly from children under the age of 13 without verifiable parental consent.

11. Changes to This Policy

We may update this policy periodically. Material changes will be notified by a prominent notice on our website. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of our website after changes take effect constitutes acceptance of the updated policy.

12. Contact Us

For privacy-related enquiries:

Email: info@promisemedicalcentre.org
Post: Promise Medical Centre Ltd, 132 Dopemu Road, Agege, Lagos
Phone: +234 703 438 9645

See also: Terms of Use · Cookies Policy · Patient Rights

1. Data Controller

Promise Medical Centre Ltd
132 Dopemu Road, Agege, Lagos, Nigeria
19 Plaza Road, Sango-Ota, Ogun State, Nigeria
Email: info@promisemedicalcentre.org
Phone: +234 703 438 9645

2. Information We Collect

2.1 Information you provide directly

Appointment booking: full name, phone number, email address (optional), department, preferred doctor, date and time, and payment method.
Contact form: name, email, phone, and message.
Newsletter: email address.

2.2 Information collected automatically

Technical data: IP address, browser type, device type, pages visited, and time of visit — collected via server logs.
Session data stored in your browser's sessionStorage to preserve your booking form if your connection drops mid-session. This data is never sent to our servers and is cleared when the tab closes.

3. Legal Basis for Processing

Purpose	Legal Basis (NDPA s.25)
Processing your appointment booking	Performance of a contract / pre-contractual steps
Sending confirmation emails	Legitimate interest + consent (you provided your email)
Newsletter subscription	Consent (opt-in)
Improving our website	Legitimate interest
Legal and compliance obligations	Legal obligation
Health / medical data	Explicit consent + vital interests of the data subject

4. How We Use Your Information

To book, confirm, and manage your appointment.
To send you an appointment confirmation email (where you provided an email address).
To send our health newsletter (where you opted in — unsubscribe at any time).
To improve our website and services.
To comply with legal, regulatory, and clinical record-keeping obligations.
To respond to enquiries submitted through the contact form.

We do not use your information for automated decision-making or profiling that produces legal effects.

6. Data Retention

Appointment records: retained for 6 years from the date of the appointment, in line with medical records regulations.
Contact enquiries: retained for 2 years.
Newsletter subscriptions: retained until you unsubscribe, after which we keep a suppression record for 1 year.
Server access logs: retained for 90 days.

7. Your Rights

Under the NDPA 2023, you have the right to:

Access your personal data we hold about you.
Rectification of inaccurate data.
Erasure ("right to be forgotten") where there is no lawful reason to retain it.
Restriction of processing in certain circumstances.
Data portability — receive your data in a structured, machine-readable format.
Object to processing based on legitimate interests.
Withdraw consent at any time, without affecting the lawfulness of prior processing.

To exercise any of these rights, email info@promisemedicalcentre.org with "DATA REQUEST" in the subject line. We will respond within 21 days.

You also have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) at info@ndpc.gov.ng.

8. Security

We implement industry-standard technical and organisational measures to protect your data, including:

AES-256 encryption at rest (Supabase).
TLS encryption in transit (HTTPS enforced).
Role-based access controls and Row Level Security (RLS) on all database tables.
HTTP security headers (HSTS, CSP, X-Frame-Options).
All admin actions are logged to an immutable audit trail.

If you believe your data has been compromised, contact us immediately at info@promisemedicalcentre.org.

9. Cookies

We use a small number of essential cookies to keep your session secure and remember your preferences. For full details, see our Cookies Policy.

10. Children

11. Changes to This Policy

12. Contact Us

For privacy-related enquiries:

Email: info@promisemedicalcentre.org
Post: Promise Medical Centre Ltd, 132 Dopemu Road, Agege, Lagos
Phone: +234 703 438 9645

See also: Terms of Use · Cookies Policy · Patient Rights

1. Data Controller

2. Information We Collect

2.1 Information you provide directly

2.2 Information collected automatically

3. Legal Basis for Processing

4. How We Use Your Information

5. Sharing Your Information

6. Data Retention

7. Your Rights

8. Security

9. Cookies

10. Children

11. Changes to This Policy

12. Contact Us

Privacy Policy

1. Data Controller

2. Information We Collect

2.1 Information you provide directly

2.2 Information collected automatically

3. Legal Basis for Processing

4. How We Use Your Information

5. Sharing Your Information

6. Data Retention

7. Your Rights

8. Security

9. Cookies

10. Children

11. Changes to This Policy

12. Contact Us