Privacy Policy

 

Helda Tech Privacy Policy

Effective Date: 17/03/2025
Last Updated: 17/03/2025

1.Introduction

Welcome to Helda Technologies Ltd (“Helda”, “we”, “our”, “us”). Helda Tech Limited, a company incorporated in Nigeria, is part of the Helda Group, headquartered in the United Kingdom. This Privacy Policy outlines how Helda Tech (Nigeria) and Helda Group (UK) handle personal and health-related data when you use our services.

As a health data solutions provider, we take privacy, confidentiality, and data protection very seriously, adhering to both NDPR (Nigeria Data Protection Regulation) and, where applicable, GDPR (General Data Protection Regulation) due to our UK-based holding company.

By using Helda’s website, platform, or services, you consent to the terms of this Privacy Policy.

2. Who We Are

  • Helda Tech Limited – Registered in Nigeria (providing health data services to Nigerian clients).

  • Helda Group Limited – Holding company, registered in the United Kingdom (providing oversight, technology development, and strategic governance).

3. Data We Collect

We collect data directly from individuals, healthcare clients (hospitals, pharmacies, clinics), and sometimes from publicly available sources.

Types of Data Collected

Personal Data

Name, email, phone number, job title, organization.

Health Data (from healthcare clients)

Patient records, diagnosis, prescriptions, treatment history.

Operational Data

Inventory records, staff schedules, financial data (where relevant).

Technical Data

IP address, device type, cookies, usage data on our platform.

4. How We Collect Data

  • Directly from you (when filling out contact forms, subscribing, or onboarding).

  • From our Healthcare organisations and clients who use our services

  • From automated website tracking tools (e.g., cookies, analytics platforms).

  • From public sources where legally permitted.

5. Purpose of Data Collection

We collect data to:

  • Provide and improve our services

  • Help hospitals and pharmacies make data-driven business decisions.

  • Train AI models to predict operational bottlenecks, optimise resources, and improve patient outcomes.

  • Ensure compliance with health data regulations.

  • Respond to your inquiries and provide customer support.

  • Improve Helda’s website and marketing.

6. Data Ownership & Roles

  • When Healthcare organisations provide us with patient data, they remain the Data Controller.

  • Helda Tech (Nigeria) acts as the Data Processor, processing data only as instructed by the client.

  • In some cases, Helda Group (UK) may have limited access to data for technology support, platform development, or analytics enhancement. All such transfers follow appropriate safeguards (see below).

7. Legal Basis for Processing

We process data based on:

  • Consent – If you contact us directly or opt into marketing.

  • Contractual Necessity – To deliver services to our healthcare clients.

  • Legal Obligation – For compliance with NDPR, GDPR, and health regulations.

  • Legitimate Interest – To improve our services (while respecting your rights).


8. International Data Transfers

Since Helda Tech (Nigeria) is owned by Helda Group (UK), some technical data, operational metadata, or anonymized health data may be transferred to the UK for:

  • Technical troubleshooting.

  • Platform improvement (algorithm training, service enhancement).

  • Compliance oversight by the parent company.

Such transfers are governed by Data Protection Agreements (DPA) and Standard Contractual Clauses (SCC) where required.
We ensure that any UK processing complies with GDPR standards and that Nigerian data protection rights are not compromised.

9. Data Sharing

We do not sell personal or health data. We only share data with:

  • Service providers (e.g., cloud hosting, security monitoring).

  • Regulators, if required under Nigerian or UK law.

  • Helda Group (UK) for internal operational purposes.

  • Healthcare partners (where explicitly agreed in contracts).

10. Data Security

We apply:

  • End-to-end encryption (in transit and at rest).

  • Role-based access control (RBAC).

  • Strict employee confidentiality agreements.

  • Regular security reviews across both Helda Tech (Nigeria) and Helda Group (UK).

  • Data anonymization wherever feasible.

11. Data Retention

  • We retain data for the duration of our client contracts, or until the purpose is fulfilled.

  • Legal retention requirements (e.g., health data under Nigerian laws) apply.

  • Personal data collected for marketing is retained until you withdraw consent.

12. Your Rights (Under NDPR & GDPR)

You have the right to:

  • Access your data.

  • Request corrections.

  • Withdraw consent (where applicable).

  • Object to processing.

  • Request deletion (where legally permitted).

Contact us at: privacy@heldatech.com to exercise your rights.

13. Cookies & Website Tracking

We use cookies to improve your browsing experience.

  • Essential Cookies: For core site functions.

  • Analytics Cookies: To understand user behaviour (with consent).

  • Marketing Cookies: For tailored ads (optional).

You can manage cookies via your browser settings.

14. Children’s Data

Helda does not knowingly collect data directly from individuals under 18 years old. Any child data processed comes through hospitals/pharmacies who are responsible for obtaining parental consent.

15. Changes to This Policy

We may update this Privacy Policy periodically, especially when we expand services or in response to regulatory changes. Significant changes will be communicated via email or on our website.

16. Contact Us

For privacy inquiries or data rights requests:

Email: privacy@heldatech.com