SNERE LTD ("we", "us", or "our") is committed to protecting the privacy and security of all personal data we process. This Privacy Policy explains how we collect, use, store, protect, and share your personal data in connection with our services, including the Snere Medical Records Vault (SMRV) and the Pulp5 student AI platform. This policy is issued in compliance with the Nigeria Data Protection Act 2023 (NDPA).
1. WHO WE ARE
- Company Name: SNERE LTD
- CAC Registration Number: [Insert Number]
- Address: Ebonyi State, Nigeria
- Website: snere.com.ng
- Data Protection Contact Email: [Insert Email]
- NDPC Registration: Registered Data Controller and Processor (MDP-OHL)
2. WHAT PERSONAL DATA WE COLLECT
2.1 For Healthcare Providers and Hospital Administrators (SMRV):
- Name, title, and professional credentials.
- Email address and phone number.
- Facility name and address.
- Login credentials (passwords are hashed and never stored in plain text).
- System usage data and audit logs.
2.2 For Patients (via SMRV — collected on behalf of healthcare providers):
- Full name, date of birth, gender, and contact information.
- Medical history, diagnoses, treatments, prescriptions, and test results.
- Any other information contained in the patient's medical file submitted for digitization.
2.3 For Students and Users (Pulp5 Platform):
- Name and email address.
- Educational institution and academic level.
- Study session data and interaction history with the AI system.
- Device and browser information for technical functionality.
2.4 Automatically collected data (all platforms):
- IP address and device type.
- Browser type and version.
- Pages visited and time spent on platform.
- Error logs for system maintenance.
3. HOW WE COLLECT YOUR DATA
- Directly from you when you register, log in, or use our platforms.
- From healthcare providers who submit patient records for digitization on behalf of patients who have provided consent.
- Automatically through system logs and session tracking for operational purposes.
4. LEGAL BASIS FOR PROCESSING
We process personal data on the following legal bases under the NDPA 2023:
- Consent: For patient data, we process based on the patient's explicit written consent obtained by the healthcare provider.
- Contract: For registered users (hospital administrators, students), processing is necessary for the performance of our service agreement.
- Legitimate Interests: For system security monitoring, fraud prevention, and product improvement.
- Legal Obligation: Where processing is required by applicable Nigerian law.
5. HOW WE USE YOUR DATA
- To provide, operate, and maintain our services.
- To digitize, store, and manage patient medical records on behalf of healthcare providers.
- To authenticate users and manage access to our platforms.
- To provide technical support and respond to user queries.
- To improve our systems, features, and services.
- To maintain security and prevent unauthorized access or fraud.
- To comply with applicable laws and regulatory requirements.
- To communicate service updates and important notices.
6. HOW WE PROTECT YOUR DATA
We implement the following technical and organizational security measures:
- All data transmitted through our platforms uses HTTPS encryption with valid SSL certificates.
- Patient data is stored in secure, access-controlled cloud databases.
- All user passwords are hashed using industry-standard cryptographic algorithms. Plain-text passwords are never stored.
- User authentication is rate-limited to prevent brute-force attacks.
- A full audit trail is maintained of all data access events.
- Role-based access control limits data access to authorized personnel only.
- Automatic session expiry upon logout or extended inactivity.
- Regular security reviews and system monitoring.
7. DATA SHARING AND DISCLOSURE
We do not sell, rent, or trade your personal data to any third party. We may share data in the following limited circumstances:
- With authorized healthcare staff at the relevant facility for patient care purposes.
- With sub-processors (such as cloud infrastructure providers) who are bound by data protection obligations no less stringent than this policy.
- With regulatory authorities, law enforcement, or courts where required by applicable Nigerian law.
- With your explicit written consent for any purpose not covered above.
8. DATA RETENTION
- Patient medical records are retained for as long as the service agreement with the healthcare provider is in force, and as required by Nigerian health regulations.
- User account data is retained for the duration of the account and for a reasonable period thereafter for legal and operational purposes.
- Audit logs are retained for a minimum of three (3) years.
- Upon request, data will be securely deleted or returned within thirty (30) days in accordance with our Data Processing Agreements.
9. YOUR RIGHTS UNDER THE NDPA 2023
You have the following rights regarding your personal data:
- Right to Access: Request a copy of your personal data we hold.
- Right to Rectification: Request correction of inaccurate data.
- Right to Erasure: Request deletion of your data in certain circumstances.
- Right to Restriction: Request that we limit processing of your data.
- Right to Object: Object to certain types of processing.
- Right to Withdraw Consent: Withdraw previously given consent at any time without penalty.
- Right to Lodge a Complaint: File a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng.
To exercise any of these rights, please contact us at: [Insert Data Protection Email]
We will respond to all valid requests within thirty (30) days.
10. COOKIES AND TRACKING
Our web platforms may use cookies and similar tracking technologies for the following purposes:
- Essential cookies: Required for the platform to function properly (e.g., session management, authentication).
- Performance cookies: To understand how users interact with the platform and improve our services.
You may control cookie settings through your browser. Disabling essential cookies may affect platform functionality.
11. CHILDREN'S DATA
The Pulp5 platform is designed for students and may be used by persons under the age of 18 with the consent of a parent or guardian. We do not knowingly collect data from children under 13 without verifiable parental consent. If you believe we have collected data from a child without appropriate consent, please contact us immediately.
12. CROSS-BORDER DATA TRANSFERS
We currently store and process data primarily within Nigeria. To the extent that data is processed using cloud services with servers outside Nigeria, we ensure that appropriate safeguards are in place in accordance with the NDPA 2023. We will not transfer your data internationally without appropriate protections.
13. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time to reflect changes in our services, technology, or legal requirements. We will notify registered users of material changes via email or a prominent notice on our platform. The date of the latest update is displayed at the top of this policy.
14. HOW TO CONTACT US
