Last updated: 06-09-2023
Nidus Aquilae Hospital (hereafter referred to as “the Hospital”) is dedicated to safeguarding the confidentiality and privacy of information entrusted to us by our staff, patients, customers, and all stakeholders. Our commitment to data protection and privacy reflects our responsibility for processing the information of our patients, staff, and other stakeholders with the utmost care and confidentiality. This policy outlines how we collect, use, store, handle, and secure personal information (referred to as “Personal Information” or “PII”) in a transparent and ethical manner.
Data Protection Policy
The Hospital’s Information Protection Policy (IPP) governs the processing of personal information by the Hospital, as outlined in this policy. Our IPP clarifies what information we collect about our customers, how we use it, with whom we share it, the circumstances under which sharing may occur, and the measures we take to maintain its privacy and security. This policy also articulates the rights of customers regarding information collected during the course of business.
2.0 Collection and Use of Personal Information
2.1 What we collect:
Your personal information is used only for the purposes listed in this document, unless we obtain your permission or are required by law to use it for other purposes. In general, we collect and generate the following information:
Individual personal information (e.g., name, previous names, blood group, health status, genotype, date and place of birth, etc.).
Individual personal contact details (e.g., address, email address, landline, fax, and/or mobile numbers).
Identity information (e.g., photo ID, passport, utility bill, national ID card, and/or nationality).
User authentication login and subscription data (e.g., login credentials for online access to our Hospital services).
Information about your interactions with Nidus Aquilae Hospital (e.g., channels used, geographic information, software used, and information regarding your complaints).
Information received from external authoritative registers for compliance purposes.
Information captured in customer documentation or data exchange, such as application forms or advice documents, or via telephone (e.g., records of advice).
Marketing and promotional information (e.g., details of the services we offer and your preferences).
Cookies and similar technologies used to remember your preferences and tailor content.
Data or records of correspondence related to relevant exchanges of information (e.g., emails).
Information to fulfill regulatory obligations (e.g., transaction details, user activity).
Information from other entities (e.g., relevant transaction information).
Information from third parties providing information to identify and manage fraud.
Closed-circuit television (CCTV) footage in and around Nidus Aquilae Hospital facilities (which may capture photos or videos of you).
Other information about you voluntarily provided by filling in online forms or by communicating with us, whether face-to-face or via other available channels (e.g., by phone, email, online).
2.2 Why we collect it and the Legal Grounds
Nidus Aquilae Hospital generally collects only the personal information necessary to fulfill your requests and provide the requested and/or agreed-upon services. When we process your personal information, we rely on one of the following legal processing conditions as required by applicable law:
Performance of a contract: We process your personal information when necessary to fulfill our obligations under a contract with you or to complete our acceptance procedure to enter into a contract.
Legal obligation or for public interest: We process your personal information to comply with legal obligations, such as record-keeping for tax purposes, regulatory requirements, or providing information to public bodies or law enforcement organizations.
Legitimate interests: We may process your information where there is a legitimate interest, such as your health interests, unless such interests are overridden by your rights, fundamental freedoms, or your express denial.
Consent: We may ask for your specific permission to process some of your personal information for particular purposes, such as research and studies. We will only process your personal information in this way if you agree.
What constitutes consent? Your consent is given when you consume our services, navigate our website, check our online forms or boxes, subscribe to our email alerts, and attend our online/offline events or other events, or when you voluntarily submit your personal data to us.
How do you withdraw your consent? You may withdraw your consent at any time by unsubscribing from our email alerts or other digital platforms or by contacting the Nidus Aquilae Hospital Data Protection Officer (DPO) via email@example.com.
In general, we process, transfer, and disclose your information for the following purposes:
Providing you with our healthcare services (including via online platforms).
Verifying your identity (e.g., for authentication purposes).
Handling your transactions or carrying out instructions.
Performing data analytics and understanding your preferences and how you use the provided services.
Maintaining record-keeping and accountability.
Complying with legal and regulatory obligations, including data protection regulations.
Managing our relationship with you (including any activities you agree to).
Obtaining reports of online problems (e.g., with the Nidus Aquilae Hospital site).
Enforcing or defending the rights of a member, staff, or customer of Nidus Aquilae Hospital.
For internal operational support and administrative purposes (e.g., development of our services, audit, and risk management).
Ensuring security and organizational continuity.
Service quality management and service improvement.
Corresponding with third parties (e.g., vendors, HMOs, regulators, and intermediaries).
Facilitating the dissemination of information about our association and events.
Registering and participating in our online and offline events.
Responding to and building on any feedback you send us.
2.3 Retention of Information
We will retain your personal data for a short period of time, for the purposes outlined in this policy or our contract with you. We will destroy it before this period expires only when you exercise your right to request deletion of personal data or as otherwise required by law.
After the expiration of any applicable retention periods, your personal data will be irreversibly destroyed. This allows us to comply with legal and regulatory requirements or fulfill our legitimate purposes. If we no longer need to retain information for a particular period, we may destroy, delete, or anonymize it more promptly. Any personal data held by us will be kept until you notify us that you no longer wish to receive this information.
2.4 Storage of Information
2.5 Sharing Information
We do not share personal information with unaffiliated third parties, except when necessary for our legitimate professional and business needs, to fulfill your requests, and/or as required or permitted by law. This includes:
Service providers: Nidus Aquilae Hospital collaborates with reputable partners and service providers who may process your personal information on our behalf when needed. We only transfer personal information to them when they meet our data processing and security standards, as outlined in our third-party information security policy.
Courts, law enforcement, or regulatory bodies: We may disclose personal information to respond to requests from courts, government entities, or law enforcement organizations or when required to comply with applicable laws, court orders, rules, or government regulations.
Audits: Personal information may be disclosed for data privacy or security audits or to investigate and respond to complaints or security threats.
2.6 Automated Decisions and Profiling
We do not use automated systems to make suggestions or decisions, including profiling, based on personal information we collect or are authorized to collect from other sources. All personal data we collect are handled with human involvement.
2.7 Further Processing
We may sometimes process personal data for purposes other than those for which they were initially collected, provided that such processing is compatible with those original purposes. To determine whether processing for another purpose is compatible with the initial purpose, we consider:
Any link between the original and proposed new purposes.
The context in which data were collected, including your relationship with Nidus Aquilae Hospital and your reasonable expectations.
The nature of the data, particularly whether they are sensitive data or data related to criminal offenses.
The possible consequences of the proposed processing.
The existence of safeguards, including encryption.
When processing personal data for another purpose is based on consent or the law permits further processing, we will provide you with information about that other purpose and any necessary details before proceeding.
3.0 Automatic Collection: Cookies & IP Addresses
4.0 Your Rights
4.1 Data Subject Rights
If you have submitted personal information to Nidus Aquilae Hospital, you have the following rights:
The right to access information about you and obtain details about how it is processed.
The right to request correction of inaccurate or incomplete information.
The right to request erasure of your information, subject to applicable law and agreements. We may continue to retain your information if there are legitimate reasons for doing so.
The right to request restriction of our processing of your information under specific circumstances.
The right to withdraw consent to our processing of your information, subject to applicable law and agreements. We may continue to process your information if there are legitimate reasons for doing so.
The right to data portability in certain situations, allowing you to receive certain information you provided to us in an electronic format or request its transmission to a third party.
The right to opt out of marketing communications by checking appropriate boxes on our data collection forms.
The right to lodge a complaint with the Data Protection Regulatory Authority, such as the National Information Technology Development Authority (NITDA), if you believe that Nidus Aquilae Hospital has not processed your personal data in accordance with data protection legislation.
You can exercise these rights by contacting us using the details provided in the “Questions and Enforcement” section. We will make every reasonable effort to comply with your request, provided it is consistent with applicable laws and regulations. We will aim to fulfill your request within one month or inform you of the reason for refusal or an extension of the compliance period.
5.0 Other Relevant Information
5.1 Data Security
Nidus Aquilae Hospital has security policies and procedures in place to protect personal information from unauthorized loss, misuse, alteration, or destruction. Although we take security measures, security cannot be absolutely guaranteed against all threats. Access to your personal information is limited to those with a need to know, and they are required to maintain its confidentiality. We use various technologies such as data encryption and firewalls to protect data in transit and data at rest.
5.2 Your Responsibilities
You are responsible for ensuring that the information provided to Nidus Aquilae Hospital on your behalf is accurate and up-to-date. If anything changes, you must inform us as soon as possible. If you provide information for another person on your account, you must direct them to this notice and ensure they also agree to the use of their information.
5.3 Questions and Enforcement
5.4 Children’s Privacy
Our services may apply to children irrespective of age, but we collect personally identifiable information from children under the age of 18 only under the strict supervision and consent of a parent, guardian, or legal custodian.
5.5 Links to Other Websites
If you visit websites other than Nidus Aquilae Hospital’s, please read the privacy policies on those websites to learn how they handle your information.
5.6 Governing Principles of our Data Processing
We guarantee that your personal data shall be:
Collected and processed for specific, legitimate, and lawful purposes consented to by you.
Restricted to you and not transferred to any person or entity except as required by law.
Adequate, accurate, and respectful of human dignity.
Stored only for a reasonable and necessary duration.
Secured against foreseeable hazards and breaches, including theft and cyberattacks.