FULL PRIVACY NOTICE

1. WHAT INFORMATION DO WE COLLECT?

In Short:We collect personal information that you provide to us, including sensitive health data necessary to provide the TeleWyse telemedicine service.

Personal Information You Disclose to Us

We collect personal information that you voluntarily provide when you register on the TeleWyse App, express an interest in our services, participate in activities on the App, or otherwise contact us. The personal information we collect may include the following:

Identification and Contact Data: Names, phone numbers, email addresses, date of birth, and government-issued identification numbers.

Health and Medical Data: Medical history, current symptoms, prescription details, doctor’s notes, consultation records, diagnostic images, and any other health information you provide during consultations or in your medical profile.

Payment Data: Billing addresses and debit/credit card numbers. (Note: We use secure, PCIcompliant third party payment processors. We do not store your full credit card details on our servers).

Sensitive Information. When necessary, with your explicit consent or as otherwise permitted by applicable law for the provision of healthcare, we process the following categories of sensitive information:

   Health Data

   Financial Data (for payment processing)

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

Information Automatically Collected

In Short: Some information  such as your Internet Protocol (IP) address and/or browser and device characteristics  is collected automatically when you use our Services.

We automatically collect certain information when you visit, use, or navigate the TeleWyse App. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our App, and for our internal analytics and reporting purposes.

Like many businesses, we also collect information through cookies and similar technologies. You can find more details in Section 5.

2. HOW DO WE PROCESS YOUR INFORMATION?

In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent.

We process your personal information for a variety of reasons, depending on how you interact with TeleWyse. Specifically, we use your information to:

To Facilitate and Provide Telemedicine Services: This is the core of our service. We process your personal and health data to create and manage your secure user account, match you with licensed healthcare professionals, conduct virtual audio/video consultations, and enable electronic prescription services, including sharing prescriptions with partnered pharmacies for fulfillment.

To Fulfill and Manage Your Orders and Payments: We process your information, including payment details, to process the financial transactions for your consultations, prescribed medications, and other services. This includes sending you invoices and order confirmations, and managing returns, refunds, or exchanges where applicable.

To Maintain Comprehensive Medical Records: We process your health information to create and maintain your electronic health record (EHR) on the platform. This is critical for continuity of care, allowing any healthcare professional you consult with on TeleWyse to have access to your relevant medical history, and is a legal requirement for medical practice in Nigeria and many other jurisdictions.

To Administer User Accounts and Communicate with You:  We process your contact information to send you critical administrative messages, such as updates to our terms, conditions, and policies. We also use it to send you appointment reminders, followup care instructions, and responses to your customer support inquiries.

To Request Feedback: We may process your information to request feedback and to contact you about your use of our Services, which helps us improve and develop new features for TeleWyse.

To Send Marketing and Promotional Communications: We may process the personal information you send to us for our marketing purposes, if this is in accordance with your marketing preferences. You can opt out of our marketing emails at any time. For more information, see ‘WHAT ARE YOUR PRIVACY RIGHTS?’ below.

To Protect Our Services and Users: We process your information as part of our efforts to keep TeleWyse safe and secure, including for fraud monitoring and prevention, and to ensure the integrity of our platform. This may include analyzing usage data to detect unusual patterns that could indicate misuse.

To Save or Protect an Individual’s Vital Interest: We may process your information when necessary to save or protect an individual’s vital interest, such as in a medical emergency where disclosing information to emergency services is critical to your life or health.

To Comply with Legal and Regulatory Obligations: We process your information where we believe it is necessary for compliance with our legal obligations under the Nigeria Data Protection Act (NDPA), the National Health Act, regulations set by the Medical and Dental Council of Nigeria (MDCN), the EU GDPR, and other applicable laws, such as in response to a court order or subpoena.

3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION?

In Short: We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e., legal basis) to do so under applicable law.

The GDPR and NDPA require us to explain the valid legal bases we rely on to process your personal information. As such, we may rely on the following legal bases:

Your Explicit Consent: This is our primary basis for processing your sensitive health data. When you sign up for TeleWyse and agree to this Privacy Policy, you are providing your explicit consent for us to collect, store, and use your health information to provide the telemedicine service. You can withdraw your consent at any time by contacting us, but this may affect our ability to provide you with care.

Performance of a Contract: We process your nonsensitive personal data (e.g., name, contact details, payment information) because it is necessary to perform the contract we have with you, namely, to provide you with the telemedicine services you have requested when you registered and booked a consultation.

Legal Obligations: We process your information where we believe it is necessary for compliance with our legal obligations. For example, Nigerian law requires healthcare providers to maintain accurate medical records for a minimum period. We must process your data to fulfill this obligation.

Vital Interests: We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person. For example, in a critical medical situation during a consultation, a doctor may need to share your location and health data with emergency services without explicit consent to protect your life.

Legitimate Interests: We may process your information for our legitimate interests, such as analyzing how the App is used to improve our services, for network and information security, and for administrative purposes. We ensure that these interests are not overridden by your fundamental rights and freedoms.

4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

In Short: We may share information in specific situations described in this section and/or with the following third parties. We do not sell your data.

We may need to share your personal information in the following situations:

   Healthcare Providers for Treatment: Your personal and health information is shared with the doctors, pharmacists, nurses, and laboratory personnel involved in your care through the TeleWyse platform. This is essential for diagnosis, treatment, and the fulfillment of prescriptions. These professionals are independently responsible for complying with their own legal and ethical confidentiality obligations.

   ThirdParty Service Providers (Processors): We share data with trusted vendors who provide services on our behalf, under strict data processing agreements that prohibit them from using your data for their own purposes. These include:

       Cloud Hosting Providers (e.g., AWS, Google Cloud etc) who store our data securely.

       Payment Processors (e.g., Paystack, Flutterwave, moniepoint) who handle financial transactions.

       Communication Service Providers for SMS and email delivery.

       Analytics Companies to help us understand app usage patterns (data is typically anonymized).

   Business Transfers: We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. You will be notified via email and/or a prominent notice on our App of any change in ownership.

   Legal Requirements: We may disclose your information where we believe it is necessary to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements). This may include disclosing information to the NDPC (Nigeria Data Protection Commission) or other regulatory bodies for audit or investigation purposes.

 5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

In Short: We may use cookies and similar tracking technologies to collect and store your information to improve your experience and analyze service usage.

We may use cookies and similar tracking technologies (like web beacons, pixels, and SDKs in our mobile app) to access or store information. Specifically, we use them for:

   Essential Operations: To allow the core functionalities of the TeleWyse web portal, such as maintaining your secure login session.

   Performance and Analytics: To help us understand how you use the App, which features are popular, and if you encounter any errors. This data is aggregated and anonymized to help us improve performance and user experience.

   Functionality: To remember your preferences and settings, such as your language choice.

You have control over cookies. Most web browsers allow you to refuse or accept cookies. However, if you choose to disable cookies, some parts of our web portal may not function correctly. Our mobile app may also collect device identifiers and usage data through embedded SDKs for similar analytical purposes.

 6. HOW LONG DO WE KEEP YOUR INFORMATION?

In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this privacy notice unless otherwise required by law.

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law.

   Medical Records: As mandated by Nigerian health regulations (which typically require retention for a minimum of 5 to 7 years after the last patient encounter, or longer for minors), we will retain your electronic health record for at least this period to ensure continuity of care and for legal and regulatory purposes.

   Account Information: Your basic account information will be retained while your account is active and for a period thereafter to comply with tax and financial reporting laws.

   Other Data: Log data, marketing profiles, and other nonessential information will be retained for a shorter period, typically not exceeding 12 years.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it. If deletion is not immediately possible (e.g., because your information has been stored in backup archives), we will securely store your information and isolate it from any further processing until deletion is possible.

 7. HOW DO WE KEEP YOUR INFORMATION SAFE?

In Short: We aim to protect your personal information through a system of organisational and technical security measures designed to protect the security of any personal information we process.

We have implemented and maintained appropriate technical and organisational security measures tailored to the sensitive nature of health data. These measures include:

   Encryption: We use encryption protocols (TLS/SSL) for data in transit and strong encryption methods for data at rest.

   Access Controls: Strict access controls and authentication measures ensure that only authorized personnel (e.g., your consulting doctor) have access to your data, and only on a need-to-know basis.

   Secure Development: We follow secure coding practices and regularly review our systems for vulnerabilities.

   Staff Training: Our employees and contracted healthcare professionals are trained on data privacy and confidentiality.

   Regular Security Assessments: We conduct periodic audits and penetration tests to evaluate and improve our security posture.

 8. DO WE COLLECT INFORMATION FROM MINORS?

In Short: We take the privacy of minors seriously and collect data from minors only with verifiable parental or guardian consent.

We do not knowingly solicit data from or market to children under the age of 18 without parental consent.

For Minors (Under 18 Years of Age):

   A minor cannot create a TeleWyse account independently.

   A parent or legal guardian must create the account on the minor’s behalf, providing their own information for the account and explicitly consenting to the collection, use, and disclosure of the minor’s personal and health information as described in this Privacy Policy.

   By creating an account for a minor, you represent and warrant that you are the parent or legal guardian and have the authority to provide such consent.

   The personal and health information of the minor will be processed for the same purposes and under the same security measures as outlined for adult users.

Our Actions upon Discovery:

If we learn that personal information from users less than 18 years of age has been collected without verified parental consent, we will immediately deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 18 without proper consent, please contact us immediately at dpo@mofmedmedicalsolution.com.

 9. WHAT ARE YOUR PRIVACY RIGHTS?

In Short: Depending on your geographical location and under laws like the NDPA and GDPR, you have rights that allow you greater access to and control over your personal information.

In some regions (like the European Economic Area (EEA), United Kingdom (UK), and Nigeria under the NDPA), you have certain rights under applicable data protection laws. These may include the right to:

   Request Access and Data Portability: You can request access to and a copy of the personal information we hold about you in a structured, machine-readable format.

   Request Rectification: You can request that we correct any inaccurate or incomplete personal information we hold about you.

   Request Erasure (‘Right to be Forgotten’): You can request the deletion of your personal information. Please note: This right is not absolute. We may be legally obligated to retain your medical records for a specified period under Nigerian law and cannot delete them until that retention period has expired.

   Restrict Processing: You can request that we temporarily or permanently stop processing all or some of your personal information.

   Withdraw Consent: If we are processing your personal information based on your consent (which includes the processing of your sensitive health data), you can withdraw your consent at any time. Withdrawing consent will not affect the lawfulness of processing that occurred before the withdrawal.

   Object to Processing: You can object to our processing of your personal information for certain purposes, such as direct marketing.

Exercising Your Rights:

To exercise any of these rights, please submit a verifiable request to us by contacting our Data Protection Officer (DPO) using the contact details in Section 11.

We will respond to your request in accordance with applicable data protection laws. To protect your privacy, we will take steps to verify your identity before fulfilling your request. This may involve asking you to provide specific information to confirm you are the owner of the account in question.

Complaints:

If you are located in the EEA or UK and believe we are unlawfully processing your personal information, you have the right to complain to your local data protection authority.

If you are in Nigeria, you have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC).

 10. DO WE MAKE UPDATES TO THIS NOTICE?

In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws and reflect changes in our services.

We may update this privacy notice from time to time. The updated version will be indicated by an updated “Last Updated” date at the top of this page, and the updated version will be effective as soon as it is accessible.

If we make material changes to this privacy notice that affect how we handle your personal data or your rights, we will notify you either by:

   Prominently posting a notice of such changes within the TeleWyse application.

   Directly sending you a notification via email or SMS.

We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.

 11. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

In Short: If you have questions or comments about this notice, you may contact our Data Protection Officer (DPO).

If you have any questions or comments about this notice, or if you would like to exercise your privacy rights, you may contact our designated Data Protection Officer (DPO) at:

 Organization name

BRAVO-HEALTH LIMITED

Organization address

ETSL Plaza 26 Deco Road, By Etuwewe Junction

Warri –

Nigeria (NG)

Developer phone number

+2348159792584

Developer email address

info@mofmedmedical.com

 12. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

In Short: You can submit a formal data subject access request to review, update, or delete your personal information.

Based on the applicable laws of your country, you may request to review, update, or delete your personal information.

The Process:

1.  Submit a Request: To initiate this process, please fill out and submit a Data Subject Access Request (DSAR) form, which can be obtained by emailing dpo@mofmedmedicalsolution.com. The request should clearly specify the right you wish to exercise and the information concerned.

2.  Verification: Upon receiving your request, we are required by law to verify your identity before proceeding. This is a security measure to ensure that personal data is not disclosed to someone who does not have the right to receive it. We may contact you to request additional information to confirm your identity.

3.  Response: We will respond to your verifiable request without undue delay, and in any event, within the timeframe stipulated by the applicable law (e.g., one month under GDPR, subject to extensions). Our response will inform you of the action we have taken or the reason for any denial.

Please note: As a healthcare provider, we are legally obligated to maintain medical records for a minimum period. Therefore, a request for deletion will be subject to these legal retention requirements, and we may only be able to anonymize your data or restrict its processing until the legal retention period expires.

Mofmed Medical Solution

Best Healthcare Technological Service

© 2025. All rights reserved.

This privacy policy was created for TeleWyse by MofMed Medical Solution and is tailored to comply with the Nigeria Data Protection Act (NDPA) and the EU General Data Protection Regulation (GDPR).