Table of Contents
- 1. Introduction
- 2. Definitions
- 3. Information We Collect
- 4. Medical Information Protection
- 5. How We Use Your Information
- 6. Data Sharing & Disclosure
- 7. Data Security Measures
- 8. Cookies & Tracking
- 9. Your Rights
- 10. Data Retention
- 11. Third-Party Links
- 12. Children's Privacy
- 13. Policy Changes
- 14. Contact Us
1. Introduction
Welcome to MediCal Supplies, Services & Devices ("we," "our," "us"). We are committed to protecting your privacy and ensuring the security of your personal and medical information.
This Privacy Policy applies to all users of our website, mobile applications, and services (collectively, the "Services"). By using our Services, you agree to the collection and use of information in accordance with this policy.
As a medical supplies provider, we handle sensitive health information. We adhere to strict privacy standards in accordance with Ghana's Data Protection Act, 2012 (Act 843) and other applicable regulations.
2. Definitions
- Personal Information
- Any information that identifies you as an individual, such as name, contact details, and identification numbers.
- Medical Information
- Information about your health conditions, medical services purchased, prescriptions, and communications with healthcare providers through our platform.
- Sensitive Data
- Information requiring special protection, including medical records, health status, and biometric data.
- Data Controller
- MediCal Supplies, Services & Devices, which determines the purposes and means of processing personal data.
- Data Processor
- Third-party service providers that process data on our behalf under strict contractual agreements.
3. Information We Collect
A. Information You Provide
- Contact information (name, email, phone number, address)
- Account credentials (username, password)
- Medical device orders and prescriptions
- Payment information (processed securely through payment processors)
- Communications with our support team
- Feedback and survey responses
B. Information Collected Automatically
- Device information (IP address, browser type, operating system)
- Usage data (pages visited, time spent, features used)
- Location information (general location based on IP address)
- Cookies and similar technologies (see Section 8)
C. Information from Third Parties
- Healthcare providers (with your consent)
- Payment processors (transaction status)
- Shipping partners (delivery updates)
- Analytics providers (aggregated usage data)
4. Medical Information Protection
We recognize that medical information requires the highest level of protection. Our safeguards include:
All medical data is encrypted both in transit (TLS/SSL) and at rest using industry-standard encryption protocols.
Strict role-based access controls ensure only authorized personnel can access medical information on a need-to-know basis.
Comprehensive audit trails track all access to medical information for security monitoring and compliance.
Healthcare providers accessing our platform sign strict confidentiality and data protection agreements.
We are not a healthcare provider and do not provide medical advice. Medical information shared with us is for order processing and service improvement purposes only.
5. How We Use Your Information
| Purpose | Legal Basis | Information Used |
|---|---|---|
| Order Processing | Contract Performance | Contact, Payment, Medical Device Info |
| Customer Support | Legitimate Interest | Contact, Order History |
| Service Improvement | Legitimate Interest | Usage Data, Feedback |
| Legal Compliance | Legal Obligation | Transaction Records |
| Medical Device Safety | Public Interest | Device Information |
We will only send you marketing communications with your explicit consent. You can opt-out at any time by clicking the unsubscribe link in our emails or contacting us directly.
6. Data Sharing & Disclosure
We do not sell your personal or medical information. We may share your information only in the following circumstances:
A. Service Providers
- Shipping Partners: Delivery information for order fulfillment
- Payment Processors: Transaction data for payment processing
- Cloud Hosting: Securely stored data on encrypted servers
- Customer Support: Limited information for service assistance
B. Legal Requirements
We may disclose information if required by law, such as:
- Court orders or legal proceedings
- Government agency requests
- Regulatory compliance requirements
- Fraud prevention and investigation
C. Healthcare Providers
With your explicit consent, we may share relevant information with:
- Your prescribing physician
- Referring healthcare professionals
- Insurance providers (for claim processing)
Some of our service providers may be located outside Ghana. We ensure they provide adequate data protection through Standard Contractual Clauses or other approved mechanisms.
7. Data Security Measures
We implement comprehensive security measures to protect your information:
- • AES-256 encryption
- • TLS/SSL for data transit
- • Regular security audits
- • Firewalls & intrusion detection
- • Staff privacy training
- • Access control policies
- • Regular risk assessments
- • Incident response plan
- • Secure data centers
- • 24/7 monitoring
- • Redundant backups
- • Disaster recovery
In the unlikely event of a data breach, we will notify affected individuals and relevant authorities within 72 hours of discovery, as required by law.
9. Your Rights
Under Ghana's Data Protection Act and other applicable laws, you have the following rights:
Request a copy of the personal information we hold about you.
Correct inaccurate or incomplete personal information.
Request deletion of your personal information under certain conditions.
Limit how we use your information in specific circumstances.
Receive your data in a structured, commonly used format.
Object to processing of your personal information.
To exercise any of these rights, please contact us using the details in Section 14. We will respond within 30 days and may request additional information to verify your identity.
Note: Some rights may be limited, particularly concerning medical information needed for legal compliance or public health purposes.
10. Data Retention
We retain personal information only as long as necessary for the purposes outlined in this policy, unless a longer retention period is required by law.
| Data Type | Retention Period | Reason |
|---|---|---|
| Account Information | 7 years after last activity | Legal requirements |
| Transaction Records | 10 years | Tax & regulatory compliance |
| Medical Device Records | 15 years | Product safety monitoring |
| Marketing Preferences | Until consent withdrawn | User preference |
| Website Analytics | 26 months | Service improvement |
11. Third-Party Links
Our website may contain links to third-party websites, such as:
- Healthcare provider websites
- Payment gateway pages
- Manufacturer information sites
- Educational resources
We are not responsible for the privacy practices of third-party websites. We encourage you to review their privacy policies before providing any personal information.
12. Children's Privacy
Our Services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. We will take steps to delete such information from our systems.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect:
- Changes in our practices
- New legal requirements
- Service enhancements
- Feedback from users
We will notify you of significant changes by:
- Posting a notice on our website
- Sending an email notification (if you have an account)
- Updating the "Last Updated" date at the top of this policy
Your continued use of our Services after any changes to this Privacy Policy constitutes your acceptance of the updated policy.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: preventivehealthinstitute@gmail.com
- Phone: +233208720347
- Address: 78 Patrice Lumumba Road Airport Residential Area, Accra, Ghana
- Hours: Mon-Fri, 9:00 AM - 5:00 PM GMT
For privacy-specific concerns or to exercise your data protection rights:
- Email:
- Subject Line: "Privacy Request"
If you are not satisfied with our response, you have the right to lodge a complaint with the Data Protection Commission of Ghana at:
Data Protection Commission
P.O. Box CT 7193, Cantonments, Accra
Email: info@dataprotection.org.gh
Phone: +233 302 743 181
By using our Services, you acknowledge that you have read and understood this Privacy Policy.