PRIVACY POLICY
Virtual Doctors Limited (“Virtual Doctors Africa”, “we”, “us” or “our”)
Updated Date: 13th May, 2026.
Virtual Doctors Limited is a Nigerian company committed to protecting your privacy in compliance with the Nigeria Data Protection Act 2023 (NDPA), the Nigeria Data Protection Regulation (NDPR), guidelines issued by the Nigeria Data Protection Commission (NDPC), and applicable international standards including relevant provisions of the U.S. Health Insurance Portability and Accountability Act (HIPAA) for cross-border telehealth services.
This Privacy Policy explains how we collect, use, process, disclose, protect, and retain your Personal Data when you access or use our Website (www.virtualdoctors.ng), Mobile Application, medical kiosks, telehealth services, or interact with us via email, SMS, calls, video, or other electronic means (collectively, the “Platform”).
Important Notice: Virtual Doctors Limited is a technology platform provider and not a medical practitioner or medical group. All telemedicine/telehealth consultations are provided by independent, licensed healthcare providers (“Providers”). Your Provider is responsible for their own privacy practices and for issuing any required Notice of Privacy Practices regarding your health information. By using our Platform, you acknowledge and agree to this separation of roles.
1. Consent and Acceptance
By accessing or using our Platform, you consent to the collection, processing, use, disclosure, and transfer of your Personal Data as described in this Policy. If you do not agree, please do not use the Platform. Continued use after any updates constitutes acceptance of the revised Policy.
2. Children and Minors
Our Platform is not directed at children under 18.
- Users under 18 require verifiable parental or guardian consent.
- Users under 13 may only use the services under the active supervision and consent of a parent or legal guardian.
We do not knowingly collect data from children under 13 without such consent. If we become aware of such collection, we will delete the information promptly. Parents/guardians may contact us to review or delete such data.
3. Information We Collect
We collect the following categories of Personal Data:
Personal Identifiers & Contact Data: Name, email, phone number, date of birth, gender, address, government-issued ID (where required), next of kin details.
Health & Medical Data: Medical history, symptoms, diagnoses, treatment information, prescriptions, test results, images, videos, and audio recordings of consultations (except behavioral health visits where not recorded).
Payment & Transaction Data: Billing information, payment card details (processed via secure third-party gateways), insurance details.
Technical & Usage Data: IP address, device ID, browser type, operating system, location data (where enabled), usage logs, clickstream data, error reports.
Biometric & Multimedia Data: Photographs, videos, and audio recordings during telehealth sessions.
Other: Any information you voluntarily provide in forms, surveys, support requests, or User Contributions.
We may also collect aggregated or anonymized data that does not identify you.
4. How We Collect Your Data
- Directly from you: When you register, book appointments, complete forms, interact with Providers, or contact us.
- Automatically: Through cookies, pixels, web beacons, analytics tools (e.g., Google Analytics, Facebook Pixel), and similar technologies.
- From third parties: Business partners, insurance providers, referral sources, and public sources (where lawful).
- During consultations: Audio/video recordings (non-behavioral health visits) for quality, training, legal, and operational purposes.
5. Legal Basis for Processing (NDPA Compliance)
We process your Personal Data based on:
- Your consent (where required);
- Performance of a contract with you;
- Compliance with legal obligations;
- Protection of your vital interests or those of another person;
- Legitimate interests of Virtual Doctors (e.g., service improvement, fraud prevention, security), provided these do not override your rights.
Special categories of data (health data) are processed with explicit consent, for medical purposes, or as otherwise permitted by law.
6. How We Use Your Information
We use your Personal Data to:
- Provide, personalize, and improve our telehealth Platform and services;
- Facilitate consultations with licensed Providers;
- Process payments and manage transactions;
- Record consultations for treatment continuity, quality assurance, peer review, training, dispute resolution, regulatory compliance, and service improvement;
- Communicate with you (service updates, appointment reminders, support);
- Comply with legal and regulatory requirements (including NDPC, medical councils, and anti-fraud laws);
- Conduct analytics, research, and product development (using anonymized or aggregated data where possible);
- Enforce our rights and defend against claims;
- Send marketing communications (with opt-out option).
7. Disclosure and Sharing of Your Information
We may share your Personal Data with:
- Independent Providers delivering telehealth services;
- Our affiliates, service providers, and contractors (e.g., cloud hosting, payment processors, analytics providers, IT support) bound by confidentiality and data protection obligations;
- Successors in the event of merger, acquisition, or business transfer;
- Legal authorities when required by law, court order, or regulatory request;
- Insurance providers or third parties as necessary for billing or as instructed by you.
We do not sell your Personal Data. Any sharing is limited to the purposes outlined in this Policy.
International Transfers: Your data may be transferred to and processed in the United States or other jurisdictions by our Providers and service providers. We ensure appropriate safeguards (e.g., contractual clauses, adequacy decisions, or binding corporate rules) are in place as required under the NDPA.
8. Data Security
We implement industry-standard technical, organizational, and administrative measures to protect your data, including:
- Encryption at rest and in transit (TLS);
- Access controls and multi-factor authentication;
- Regular security audits, penetration testing, and vulnerability management;
- Employee training on data protection and HIPAA/NDPA obligations;
- Secure cloud infrastructure (e.g., Google Cloud with relevant certifications).
Despite these measures, no system is impenetrable. Transmission of data over the internet carries inherent risks, and you accept this when using the Platform. You are responsible for keeping your login credentials confidential.
9. Data Retention
We retain your Personal Data only as long as necessary for the purposes stated, to comply with legal obligations (including medical record retention laws), resolve disputes, and enforce agreements. Health data is retained in accordance with applicable medical and data protection laws.
10. Your Rights as a Data Subject
Under the NDPA and other applicable laws, you have the right to:
- Access, rectify, or erase your Personal Data;
- Restrict or object to processing;
- Data portability (where technically feasible);
- Withdraw consent (where processing is based on consent) — note this may affect service availability;
- Lodge a complaint with the Nigeria Data Protection Commission (NDPC).
To exercise these rights, contact us using the details below. We will respond within the statutory timeframe. We may not be able to fulfill requests that compromise legal obligations, ongoing services, or anonymized data.
HIPAA Rights: For PHI handled in connection with U.S.-based Providers, additional rights may apply as per the Provider’s Notice of Privacy Practices.
11. Cookies and Tracking Technologies
We use cookies and similar technologies for functionality, analytics, and advertising. You can manage preferences through your browser or device settings. Disabling certain cookies may limit Platform functionality. We honor “Do Not Track” signals where feasible, but our primary compliance is with applicable cookie consent requirements.
Third-party services (Google, Facebook, etc.) have their own policies — please review them.
12. Changes to This Privacy Policy
We may update this Policy periodically. Material changes will be notified via email, in-app notice, or prominent website posting. Your continued use after changes constitutes acceptance.
13. Limitation of Liability
To the maximum extent permitted by law, Virtual Doctors Limited shall not be liable for any indirect, incidental, consequential, or punitive damages arising from the use or disclosure of your Personal Data, except where caused by our gross negligence or willful misconduct.
14. Governing Law
This Policy is governed by the laws of the Federal Republic of Nigeria. Disputes shall be subject to the exclusive jurisdiction of the Nigerian courts.
Contact Us
For any questions, requests, or complaints regarding this Privacy Policy or your data:
Virtual Doctors Limited
Email: [email protected]
Phone: +234 701 434 3485
You may also contact the Nigeria Data Protection Commission (NDPC) for regulatory concerns.