Biofem Group (hereinafter referred to as “we”, “our”, or “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information in accordance with the Nigeria Data Protection Act (NDPA) of 2023.
This Privacy Policy applies to all individuals (“data subjects”) who interact with our services, including customers, employees, suppliers, business partners, and website users.
1. Data We Collect
We may collect and process the following categories of personal data, depending on the nature of your relationship with us:
- Personal Identification Information: Name, contact details (e.g., phone number, email address), national identification number, passport details, and date of birth.
- Health and Medical Information: In the context of clinical trials or other pharmaceutical services, we may collect relevant health and medical data.
- Financial Data: Bank account details, transaction records, and payment information.
- Technical Data: Internet Protocol (IP) address, browser type, and usage data when interacting with our website.
- Employment Data: For employees, we may collect details such as work history, educational background, and performance evaluations.
We collect this data directly from you or via third parties, including medical professionals, business partners, and publicly available sources.
2. Purpose of Processing Personal Data
Biofem Group processes your personal data for the following purposes:
- Provision of Services: To deliver pharmaceutical products, manage prescriptions, and ensure compliance with safety and regulatory standards.
- Clinical Research and Trials: To conduct medical and clinical research in line with regulatory guidelines and ethical standards.
- Customer Relationship Management: To manage customer accounts, respond to inquiries, and improve customer experiences.
- Legal and Regulatory Compliance: To meet legal obligations such as record-keeping and reporting to regulatory authorities.
- Marketing and Communication: With your consent, to send newsletters, promotional materials, and updates about our services.
- Internal Operations: For HR management, employee performance monitoring, and ensuring workplace safety.
3. Legal Basis for Processing
We process your personal data based on one or more of the following legal grounds:
- Consent: Where you have given us consent for specific processing activities (e.g., marketing communications).
- Contractual Necessity: Where processing is necessary to fulfil a contract with you (e.g., provision of pharmaceutical services).
- Legal Obligation: Where we are required to process data to comply with laws or regulations.
- Legitimate Interest: Where processing is necessary for our legitimate business interests (e.g., improving our services), provided it does not override your fundamental rights and freedoms.
- Vital Interest: In cases where processing is necessary to protect your vital interests, such as emergency health situations.
4. Data Sharing and Disclosure
We may share your personal data with third parties for the following reasons:
- Service Providers: We engage trusted third-party service providers (e.g., IT service providers, payment processors) to assist in delivering our services.
- Regulatory Authorities: Where required by law, we may disclose data to government bodies, regulatory agencies, or law enforcement authorities.
- Clinical Research Partners: For clinical trials or pharmaceutical research, we may share relevant medical data with research institutions and health authorities.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your personal data may be transferred as part of the business transaction.
We ensure that all third parties who process your data adhere to applicable data protection laws.
5. Security of Your Personal Data
We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These include:
- Data encryption
- Secure storage solutions
- Regular audits and assessments
- Access control and authentication procedures
While we strive to protect your personal data, no system is 100% secure, and we cannot guarantee absolute security.
6. Retention of Data
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal, regulatory, or contractual obligations. After the retention period, your data will either be securely deleted or anonymized.
7. Your Rights as a Data Subject
In accordance with the Nigeria Data Protection Act of 2023, you have the following rights regarding your personal data:
7.1. Right to Access
You have the right to request access to your personal data held by us, including information on how your data is processed and the purpose of the processing.
7.2. Right to Rectification
You have the right to request the correction or update of inaccurate or incomplete personal data.
7.3. Right to Erasure (Right to Be Forgotten)
You may request that your personal data be erased when it is no longer necessary for the purposes for which it was collected, or when you withdraw consent, among other grounds.
7.4. Right to Restriction of Processing
You have the right to request a restriction on the processing of your data in certain circumstances, such as when the accuracy of the data is contested or you object to its processing.
7.5. Right to Data Portability
You have the right to request that your data be provided in a structured, commonly used, and machine-readable format, and that it be transferred to another data controller where technically feasible.
7.6. Right to Object to Processing
You have the right to object to the processing of your personal data for certain purposes, including direct marketing, and when processing is based on legitimate interests.
7.7. Right Not to Be Subject to Automated Decision-Making
You have the right not to be subjected to decisions made solely based on automated processing, including profiling, which significantly affects you.
7.8. Right to Withdraw Consent
Where we rely on your consent for processing, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing conducted prior to the withdrawal.
8. How to Exercise Your Rights
To exercise any of your rights, please contact us at:
Email: biofem@biofemgroup.com
Phone: +234) 8149906683, (+234) 8171235962
Postal Address: 3 Olorunnimbe St, Wemabod Estate, Ikeja, Lagos
We will respond to your request within the time limits stipulated by the Nigeria Data Protection Act of 2023.
9. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your experience on our website. You can control cookies through your browser settings. For more details, please refer to our Cookie Policy.
10. Updates to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, regulatory requirements, or legal obligations. We will notify you of significant changes by posting a notice on our website or by other appropriate means.
11. Contact Information
If you have any questions or concerns regarding this Privacy Policy or how we handle your personal data, please contact us at:
Email: biofem@biofemgroup.com
Phone: +234) 8149906683, (+234) 8171235962
Postal Address: 3 Olorunnimbe St, Wemabod Estate, Ikeja, Lagos
This Privacy Policy ensures Biofem Group’s compliance with the Nigeria Data Protection Act of 2023, safeguarding your privacy and affirming your data rights
Last Updated: 24, September 2024