Koyo HealthTech Ltd Privacy Policy
Koyo HealthTech Limited (“Koyo”, “Company”, “we”, “us” or “our”) is an online healthcare service provider that connects patients to health care providers virtually (our “Services”). We value the privacy of our Users and have set out this Privacy Policy describing how we collect, use, store, share, and protect Personal Information from Users who engage our Website [https://www.koyohealthtech.com/ or https://app.koyohealthtech.com/] (our “Website”) and our Services.
If you choose to use our Website and/or our Services, then you will be required to provide your Personal Information. Therefore, you agree to the collection and use of information in relation to this policy. The Personal Information that we collect is used for providing and improving the Services we provide you. We will not use or share your Personal Information with anyone except as described in this Privacy Policy.
The Services are primarily intended for and provided to individuals, patients, and health care providers (“User”). We generally process personal and medical data on behalf of Users as a service provider or a data processor to the Users. However, we do not control and are not responsible for the privacy practices of such Users.
This Privacy Policy does not apply to services that are not owned or controlled by Koyo, including third-party websites and the services of any other health or technology providers. This Privacy Policy applies to all forms of systems, operations and processes within the Koyo environment that involve the processing of personal data.
By browsing through, accessing or using our Website or Services, you agree to the collection and use of your information in accordance with this Policy and our Terms of Use available on the Koyo app or at www.koyohealthtech.com. Once you provide consent, you may change your mind and withdraw the consent at any time by contacting us at hello@koyohealthtech.com but please note that consent withdrawal will not affect the lawfulness of any processing carried out before you withdraw your consent.
Information Collection and Use
What data do we collect?
In providing our services, we collect your personal data. Personal data as used here means any information that can be used to identify a person directly or indirectly and which may be collected automatically or from third parties for our website to function properly. The below information can be obtained through you or from third parties:
Health Care Providers:
Full name of representative registering on behalf of a healthcare provider
Name of a healthcare provider
Country of residence
Email address
Phone number
Full names of medical professionals
Photographic identification documents of medical professionals
Medical qualifications
Medical licensing and indemnity details
Address of the healthcare institution
Financial information
Patients:
Full name
Sex
Email address
Phone number
Date of birth
Profile picture
Home address
Country
Preferred language
Medical record/information including health information, like:
symptoms
conditions
medication
other details already held in your medical records, and/or which you provide during an online consultation.
Financial information
Visitors:
Search queries
The IP address
Name of Internet Service Provider
Date and time of visit
Device ID
Browsing Behaviour
Web pages visited, duration and frequency of visits
We may also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered Personal Information as this data does not reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
When you are asked to provide personal data, you may decline, and you may use web browser or operating system controls to prevent certain types of automatic data collection. However, where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with, or receive from you, goods or services). In this case, we may have to cancel the Service, but we will notify you if this is the case at the time.
How do we collect data?
We collect data through:
User Registration: To gain full access to our Services, you must register and create an account with us. To register an account, we will collect your personal and medical data which you voluntarily provide to us during sign up or during consultations.
Payment Processing: To make financial transactions, we collect credit card information and other relevant financial account information.
Communications: If you contact us directly (for an inquiry or a support request), we may receive additional personal data about you, including the content of your communications.
Feedback/Survey Forms: If you voluntarily complete a survey or feedback form, additional information may be collected.
Join a Mailing List: You may be asked from time to time to join a mailing list; however, you may accept or decline the same. Where you accept, it may be necessary for us to collect additional information.
Personal data collected automatically
Device Information. We receive information about the device and software you use to access our Services, including internet protocol (IP) address, web browser type, operating system version, and device identifiers.
Usage Information. We automatically receive information about your interactions with our Services. This information includes records of your communication with health providers on the app and/or website, transactions and information about your other activities related to our Services.
Location Information. When you use our Services, we may collect or infer your general location information. For example, your IP address may indicate your general geographic region.
Personal data received or inferred from third parties:
We may receive additional personal data from third parties and other identification/verification services such as your financial institution and payment processor.
We may retrieve information from public sources such as open government databases.
We may infer additional personal data based on the personal data described above.
How do we use personal data?
We use the personal data we collect to:
provide the required Services to Users;
respond to Users’ questions or requests;
improve app features and website content, and analyse data to provide improved services;
send you marketing content, newsletters and service updates curated by us; however, you will always have the option to unsubscribe if you do not wish to receive such information;
maintain accurate record of Users;
process payments of the User;
resolve disputes that may arise; and
any other purpose that we disclose to you in the course of providing services to you.
How do we share the personal data you provide?
Koyo does not sell, trade or rent personal data to anyone. Further, we will not share or disclose your personal data with a third party without your prior consent.
Service providers: we share personal data with selected healthcare providers attending to a User at each time.
Financial services & payment processing: we will share payment and transactional data with banks and other entities as necessary for payment processing.
Security, safety, and protecting rights: we will disclose personal data if we believe it is necessary to:
help prevent the loss of life or serious injury of anyone, or other exceptional circumstances;
comply with legal obligations or law enforcement investigations.
Third party analytics may collect personal data through our website. This may include marketing and communications data, demographic data, content and files, geolocation data, usage data, and inferences associated with identifiers and device information (such as cookie IDs, device IDs, and IP addresses) as described in the Cookies section of this statement.
However, identifiable medical data and history would not be disclosed to third parties without prior written consent of the User except in exceptional circumstances. These third parties may combine this data across multiple sites to improve analytics for their own purpose and others. If required by any applicable law or necessary for the provision or development of our services, we may share de-identified or anonymised information.
Change of purpose
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Cookies
Cookies are small text files placed by a website and stored by your browser on your device. We use cookies to remember visitors to our website and provide a better user experience. You will be asked to accept or reject cookies. If you choose to reject cookies, you may not be able to access every function and service on the website. Most web browsers are set to accept cookies by default. If you prefer, you can go to your browser settings to learn how to delete or reject cookies.
How do we protect your information?
Koyo has established adequate technical and organisational controls in line with national and international standards to protect the integrity and confidentiality of your personal information, both in digital and physical format, whilst preventing Personal Information from being accidentally or deliberately compromised.
Koyo is committed to managing your Personal Information in line with best practices. While no online platform is entirely foolproof, we are dedicated to safeguarding your information against loss, misuse, and unauthorised access.
You must contact us upon becoming aware of any breach of Personal Information or if your access credentials have been compromised, to enable us to take the necessary steps towards ensuring the security of your Personal Information or account. We will report any breaches that will compromise your rights and freedoms to the Relevant Authority within the required regulatory timelines after our discovery.
Storage Limitation
The personal data we process will be stored for as long as necessary to fulfil the purposes described in this Policy or the Terms. However, we will also retain your personal data subject to the Nigerian Data Protection Act (NDPA) and any other applicable laws, to resolve disputes, prevent fraud and abuse, and enforce our legal agreements and policies. In addition, we will delete your data for targeted marketing purposes once you unsubscribe from our marketing communications.
Transfer of Personal Data
As part of our service provision, we may rely on third-party servers or databases co-located with hosting providers resident in foreign jurisdictions, which constitutes the transfer of your personal data to computers or servers in foreign countries. We take steps designed to ensure that the data we collect under this Privacy Policy is processed and protected according to the provisions of this Policy and applicable law wherever the data is located.
Where personal data is to be transferred to a country outside Nigeria, Koyo shall put adequate measures in place to ensure the security of such Personal Information. Any transfer of Personal Information out of Nigeria will be in accordance with the provisions of the NDPA. In addition, Koyo shall use contractual terms to ensure protection of the data or ensure the country has adequate data protection laws as required under the NDPA. Furthermore, we can transfer when we have a legal obligation, need to establish or defend a legal claim, or there is a public interest obligation.
Should you wish to transfer personal data to a country deemed to have inadequate data protection laws, Koyo will take all necessary steps to ensure that informed consent is obtained from you, and you are aware of the risks entailed with such transfer. In any instance, Koyo will ensure Personal Information is transmitted in a safe and secure manner. Details of the protection given when your Personal Information is transferred abroad, and details of the basis of such transfers shall be provided to you upon request.
Grounds for Processing of Personal Information
Processing of personal information by Koyo shall be lawful if at least one of the following applies:
the User has given consent to the processing of his/her Personal Information for one or more specific purposes;
the processing is necessary for the provision of Koyo’s service;
processing is necessary for compliance with any legal obligation or law enforcement;
processing is for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
for the purposes of the legitimate interests pursued by us e.g. for the prevention of fraud or network security; and
processing is necessary in order to protect the vital interests of the User or of another natural person.
Choices and Rights
Users with personal information held by Koyo are entitled to the following rights:
Right to request for and access any Personal Information collected and stored by Koyo;
Right to be informed regarding their Personal Information;
Right to object to automated decision making and processing;
Right to request rectification and modification of Personal Information which Koyo keeps;
Right to request the deletion of their data;
Right to request the movement of data from Koyo to a third party - this is the right to the portability of data;
Right to revoke consent;
Right to object to direct marketing, and to request that Koyo restricts the processing of their information; and
Right to submit a complaint to the Nigeria Data Protection Commission (NDPC).
Your request will be reviewed and answered by Koyo’s Tech Team or Data Protection Officer within a 30-day period. You may review your account settings and update your Personal Information directly or by contacting us.
Process to Request Deletion of Data
Any request for deletion of personal data should be made to the Data Protection Officer by email to: DPO@koyohealthtech.com.
Policy Violations
Any violation of this Privacy Policy should be brought to the attention of Koyo’s Tech Team or the Data Protection Officer (email: DPO@koyohealthtech.com or hello@koyohealthtech.com) for appropriate sanctioning and treatment.
Accuracy of Information
You certify that the information provided to register as a User is correct to the best of your knowledge. Furthermore, when providing the personal data of any other person, you confirm that you are only providing accurate and up-to-date data and with their consent, or if a minor the consent of their parent/s or guardian/s, and in accordance with this Policy.
Changes to This Privacy Policy
We may need to update, modify or amend our Privacy Policy from time to time as necessary or required by law. If we materially change the ways in which we use or share personal data previously collected from you through our Services, we will provide notice or obtain consent regarding such changes as may be required by law. The Privacy Policy will apply from the effective date provided on our website.
Last revised: 26/02/2025