Privacy Policy
FASTLAB PHYSICIAN PRIVACY POLICY
Effective Date: December 24, 2025
Jurisdiction: Nigeria
1. OVERVIEW
Fastlab Physician ("the Company," "We," "Us") is a healthcare data controller committed to the secure and lawful processing of personal and clinical information. We adhere strictly to the principles of lawfulness, transparency, and data minimization as mandated by the Nigeria Data Protection Commission (NDPC).
2. DATA COLLECTION AND CLASSIFICATION
We collect and process data in the following categories to facilitate clinical excellence:
Personal Identification:
- Full Name
- National Identification Number (NIN)
- Sex
- Date of birth
- Contact details
Professional Data:
- Medical and Dental Council of Nigeria (MDCN) registration numbers
- Specialty
- Professional affiliations
Sensitive Health Data:
- Patient clinical records
- Laboratory diagnostic reports
- Imaging data
Audit Metadata:
- Electronic timestamps
- IP addresses
- Unique device identifiers to ensure record integrity
3. LEGAL BASIS FOR PROCESSING
In accordance with Section 25 of the NDPA 2023, processing is conducted under these grounds:
Consent:
Freely given, specific, and informed consent from the data subject.
Legal Obligation:
Compliance with the National Health Act 2014 regarding medical record keeping.
Vital Interests:
Protection of a subject's life in medical emergencies.
Public Interest:
Public health surveillance and clinical research authorized by Nigerian law.
4. DATA SECURITY AND INTEGRITY
We employ a "Defense in Depth" strategy to protect Nigerian health data:
Encryption:
Implementation of AES-256 for data at rest and TLS 1.3 for data in transit.
Storage:
All primary data storage is local or within jurisdictions approved by the NDPC.
Anonymization:
Use of de-identification techniques for any data used in clinical analytics.
Breach Protocol:
Mandatory notification to the NDPC within 72 hours of any high-risk data breach.
5. RETENTION AND DISPOSAL
Data is retained only as long as required by Nigerian law:
Clinical Records:
Minimum of 10 years, as per National Health Act guidelines.
Financial Records:
7 years, for tax and audit compliance with the FIRS.
Secure Disposal:
Upon expiration of retention: digital shredding and certified physical destruction of media.
6. INDIVIDUAL RIGHTS
Data subjects in Nigeria possess the following rights:
Access:
Request copies of personal data in a readable format.
Correction:
Mandate the update of inaccurate clinical or personal info.
Deletion:
Request erasure of data where legal retention periods have expired.
Objection:
Object to processing for direct marketing or unauthorized research.
7. CONTACT INFORMATION
For grievances or data access requests, contact our Data Protection Officer (DPO):
Email:
dimeji@fastlab.co
Regulatory Liaison:
Nigeria Data Protection Commission (NDPC)