PRIVACY POLICY 

Last updated: 31 January 2019 

We Value Your Privacy 

At BeyHealth Consulting LTD, we take your privacy seriously and treat your personal information with the highest level of confidentiality. Our Privacy policy (together with our Terms and Conditions) sets out the basis upon which we will process any personal information we collect from you, or that you provide to us. It describes what type of personal information we collect, how we collect it, how we protect it and under what circumstances we may share that information with a third party. It also tells you how you can access, change and limit our sharing of your personal information.  

We have a short version of this privacy policy (just in case you don’t have enough time at the moment to read the full text). However, we do encourage you to read the more extended version for a detailed explanation of the rights and obligations associated with our handling of your data. 

Short Version 

BeyHealth Consulting LTD collects your information only with your consent. We collect the minimum amount of personal data necessary to fulfil the purpose of your interaction with us. We do not sell personal information that you give to us to third parties and will only use this information to provide you with a service and in accordance with the terms and conditions described in this Privacy Policy.  

Our medical education services are based in Nigeria and are directed primarily toward users and subscribers in Africa. If you are accessing our services from within Nigeria and the European Economic Area (EEA), you may have certain rights in accordance with the Nigeria Data Protection Regulation (NDPR) 2019 and the EU General Data Protection Regulation (GDPR) 2016.  

We place various cookies on your browser to understand how you’re using bhqj.org, beyhealth.org and beyhealth.com, masterclass.beyhealth.com (our websites) and how we can then customise our service to offer you an experience that aligns with your needs. Some of these cookies are from third party applications that provide us with analytical data concerning your visits to our website, and some are tools that enable you to share our content at your discretion on social media platforms of your choice or to facilitate your online registration for one of our conferences, workshops or seminars.  

If you prefer not to consent to the use of cookies while on our website, you can opt out here – Change your cookie preferences. 

Longer Version 

1. PURPOSE, SCOPE AND APPLICATION 

This Privacy Policy is intended to explain how your personal information will be handled by BeyHealth Consulting Limited (‘BeyHealth’ ‘we’, ‘our’ and ‘us’) of 1st Floor, Jabita Court, Plot 136, Alake Onile-Ere Crescent, Gbagada, Lagos, Nigeria.  

It sets out the personal information relating to you (‘Personal Data’) that will be collected and processed by BeyHealth in the context of your engagement with the company through www.bhqj.org, www.beyhealth.com, masterclass.beyhealth.com and www.behealth.org (its Websites), the platform and services provided thereon, and events held for the benefit of clients, partners and subscribers (‘Attendees’) attending its conferences, seminars and workshops (‘Events’) at designated physical locations and venues (collectively referred to as ‘BeyHealth Services’).  

The policy applies to the processing of personal data that is conducted wholly or partly by automated means. It also applies to the processing of data other than by automated means, and of personal data which forms part of or is intended to form part of, a filing system or database.  

It outlines the legal rights and obligations associated with the administration of your personal data and informs you of our procedures for collection, use and disclosure of personal information and what you can do to control how your data is processed.  

2. DEFINITION OF PERSONAL DATA 

Personal Data refers to any information relating to a natural person (‘data subject’) who can be identified or who is identifiable, either directly from the information in question or indirectly from that information in combination with other information. Examples of such identifiers may include a name, an identification number, location data, an online identifier such as an IP address, and other factors that may identify an individual. 

In other words, any information that can be used to identify you personally is Personal Data. BeyHealth Consulting Limited will not sell any personal information that you give to us, including your e-mail address, and will only use this information for internal purposes. 

3. WHAT TYPES OF PERSONAL DATA DO WE PROCESS? 

We may collect and process the following types of personal data: 

• Personal Information – this includes information such as your name, email address, company, phone number and password. 
• Device Information – this includes information such as the type of your device, operating system, browser, IP address, traffic and location data, and resources, advertisements and linked websites and other information derived from cookies used on our Websites. Our Cookie policy also gives you information about how we use cookies on our Websites.  
• Transactional History – this includes information about the date, time, value and number of transactions you make through our website and services. 
• Miscellaneous – this includes any other information which is provided to us by you (and with your consent). 
  
  

You control the information you provide to us. If you choose not to give us this information, we often cannot provide you with the information you are requesting from us. You will, however, able to access and use some parts of our Websites without providing us with your personal data 

4. WHEN DO WE COLLECT INFORMATION FROM YOU? 

We collect personal data from you when you communicate with us, sign-up for our services (including registering for an event), submit an enquiry or request support, subscribe to one of our newsletters or mailing lists or supply personal data through one of our websites or third-party service providers.  

5. WHY DO WE PROCESS YOUR PERSONAL DATA? 

We have no legal obligation to process your personal data, and it is not essential for us to collect this information to protect a vital interest or to fulfil the requirements of a necessary public task. It is unlikely that our legitimate interests in enhancing the efficiency of our website and response to your enquiries could justify an infringement on your fundamental rights and freedoms or a potential negative consequence arising from our processing of your data. Our justification for processing your personal data is based entirely on the following: 

Consent – You have real choice and control over the personal data you provide to us, and our processes are transparent about how you can withdraw your consent. We will require you to positively opt-in to the services and subscriptions we offer to you, and we make our requests clear and specific in every case. This privacy policy tells you about the rights and obligations governing our administration of your consent. 

Contract – It is necessary for us to process your personal data to enter into an agreement with you and to fulfil our commitments in respect of your use of BeyHealth Consulting Limited as a provider of medical education and continued professional development services. We collect, obtain and process your personal data to:  

• Provide you with access to our website and to authorise your use of web-enabled resources and subscription services available through this platform. 
• To create an account for you on our website, to process your actions through this account and to manage and administer your account and engagement with our services in accordance with the terms and conditions of our contract with you. 
• To process your payments through our third-party payment providers. 

• To contact you in connection with any aspect of our service to you. 
  
  

6. HOW DO WE USE THE INFORMATION YOU PROVIDE? 

The information you provide to us may be used in any of the following ways: 

• Marketing and events communication – we send periodic e-mails regarding your subscriptions, event registration and information relevant to our services. 
• To personalise your experience and the service we offer to you in future (the data you supply helps us better respond to your requirements). 

• To monitor and improve the services we offer – we continually strive to improve our services based on the information and feedback we receive from you. 
• To create a more useful and practical environment for you on our Website (your feedback helps improve the content and layout of our Website). 
• To send you journal articles and other material of relevance to your interests. 
• To process your paid transactions through our secure third-party payment applications. 
• Account set-up and administration purposes – to help you register and prepare for upcoming events. 

• To conduct polls, surveys and feedback requests designed to improve our service. 
  
  

7. HOW DO WE PROTECT YOUR PERSONAL DATA? 

We are committed to the safety and security of your information. We have taken reasonable and appropriate steps to prevent unauthorised access to, and misuse of, your personal data. We implement a variety of security measures to prevent data breaches and maintain the safety of your personal data when you submit a request, place an order or access your personal information through our websites.   

We use password-protected directories and databases to safeguard your personal data, and Secure Sockets Layered (SSL) and Transport Layer Security (TLS) technology to ensure your data is fully encrypted and transmitted across the internet securely. All supplied payment card information is transmitted via SSL technology and encrypted into our third-party payment gateway provider databases and only accessible by individuals authorised with exclusive, confidential access rights to such systems.  

We do not store or process any of your card or payment information. Our trusted third-party payment providers process all payment information. Our third-party providers of card payment services and other technological applications adhere to similar standards of online security and information governance, including secure identity verification, secure password protection and electronic two-factor authentication of identity where necessary. We comply strictly with the requirements of these security measures. We have no control over the services provided by these third-party applications and therefore cannot assume responsibility for any misuse of payment card information supplied to these services.  

Where we have provided you with a password to grant you access to specific areas of our website infrastructure, we request that you appreciate that this password is being used as a means of protecting your accounts and personal data held on our system. It is your responsibility to keep your password confidential. We ask that you do not share this information with anyone. If you are sharing a computer with other individuals, you should always log out of the system before leaving the area to prevent subsequent users from gaining unauthorised access to your personal data.  

8. WHERE DO WE STORE YOUR PERSONAL DATA? 

Your personal data is processed in secure physical locations in Nigeria and stored on secure servers located within the European Economic Area (the ‘EEA’) and the United States. We only transfer and store your personal data in locations that guarantee an internationally accredited level of data security and where there are appropriate safeguards in place to protect your personal data.  

9. HOW LONG DO WE KEEP YOUR PERSONAL DATA? 

We only retain personal data for as long as is necessary to fulfil the purpose for which it was collected. We expect to keep your personal data for as long as you continue to subscribe to our services and for as long as it remains necessary to maintain a continuous customer relationship with you.  

In general, we may keep your personal data for up to 5 years after the last active date of your account with us. Please note that the duration of storage of personal data may vary between subscribers and may be determined by prevailing legal, regulatory and administrative requirements relevant to your data. Any personal data which is no longer required will be erased/deleted from our records.  

10. UPDATING YOUR PERSONAL DATA 

If you have created an account or a personal profile on one of our websites, we would usually provide you with secure access and instructions to update some or all your personal information held on this account. You may be required to contact us if you wish to make amendments to certain aspects of your profile for which general access has not been granted. We may request additional security information to verify your identity at this stage. We reserve the right to deny your request to amend personal data if we are permitted or required to do so by law, or pending such time as you are able to verify your identity. 

11. REVOKING CONSENT 

You have the right to withdraw your consent for us to use your personal data at any time. This right will be interpreted in conjunction with other rights, responsibilities and obligations governing the administration of your personal data. 

If you would like to correct, amend or delete information about you held by us, or have any questions regarding storage, retention or processing of your personal data, please e-mail us at privacy@beyhealth.com 

12. PROTECTING THE PRIVACY OF CHILDREN 

The essential function of our websites is to facilitate medical education and continued professional development among trainee and practising healthcare professionals and the healthcare provider community in Africa. Our Websites and services are therefore designed for business users only and not intended for use by anyone under the age of 18 years.  

We do not routinely verify the age of our users but do realise that an individual under the age of 18 years may attempt to access our website. Our websites do not contain sexually explicit content but may contain material suitable for professional purposes but unsuited to viewing by children and under-aged individuals. If you are a parent or legal guardian of a person under the age of 18 years and have reason to believe that your ward has accessed services provided on our websites, please contact us immediately at the address provided below. We will use reasonable efforts to ensure that any information or personal data collected as a result of this access is removed from our databases. 

If you reside in a jurisdiction in which different age thresholds apply, we ask that you respect the purpose and objectives of our websites and comply in full, with the requirements of this privacy policy. 

13. DO WE DISCLOSE PERSONAL INFORMATION TO OUTSIDE PARTIES? 

The information you provide to us is held in the strictest confidence. We do not sell, trade or transfer your personal data to outside parties. Where necessary, and providing these parties agree to keep this information confidential, we may disclose personal data we collect from and about you to the following third parties.  

Third-Party Service Providers 

All our third-party providers have their own privacy policy and independent security arrangements for safeguarding personal data. We do not assume responsibility and accept no liability for the content and activities of any third-party service provider. Operationally, we use the following services to store and process personal data 

Primary Providers 

• Team Tito Limited (‘Tito’) – who provide us with event registration services online. 
• Salesforce – who provide us with customer relationship management, cloud computing, storage and web hosting services. 
• Amazon Web Services – who provide us with cloud storage for our journal services 
• WordPress – who provide us with web development services, contact form management and messaging services.  
• Microsoft Office Online (Office 365) – who provide us with cloud storage services 

• MailChimp – who provide us with contact management and database services, and e-mail newsletter campaigns.  
• Google Analytics – who provide us with analytics services that allow us to measure activity on our websites and judge the effectiveness of the material we publish. 

Other Providers that may store some personal information 

• Apple (via Apple Pay/Apple Wallet) 
• Gravatar

• Google Apps 

• Google Docs 
• Google Sheets 
• Google Mail (Gmail) 

• Google Cloud (and Maps services) 

• Google Cloud (and Google Maps services) 
• GitHub 
• Stripe 
• PayPal 
• Falcon IO 

• Dropbox 
• Zapier 
• Typeform 

The list of third-party service providers we use may change from time to time to ensure that we are managing the security of your personal data in the best way possible. We update our list of third-party service providers regularly. The most recent update can be found in the latest version of our privacy policy. 

Statutory bodies, Regulatory Authorities and Law Enforcement 

We may be required to disclose your personal data if such disclosure is necessary to: 

• Comply with statutory, legal or regulatory obligations and requests.  
• Protect the rights, property and safety of our customers, the public and ourselves.  

External advisors – such as our lawyers, accountants and auditors may also have access to personal data to the extent permitted by law and necessary to ensure compliance with statutory, regulatory and legal requirements governing the conduct of our business. 

Prospective or actual purchasers of our company or assets – Applies in case of acquisition by, or a merger with a third party. The new business would assume responsibility for providing the website and associated services and retain the right to use your personal data in accordance with the terms of this (or succeeding) privacy policy.   

14. GDPR REGULATION (EU/EEA ONLY) – YOUR RIGHTS AND HOW YOU MAY EXERCISE THEM 

Our services are based in Nigeria and targeted specifically at individuals in Africa. If you are accessing our websites or using our services from within the European Union (EU) or European Economic Area (EEA), you may have certain rights under the EU General Data Protection Regulation (GDPR) 2016.  

• Right to be Informed 
  You have the right to know if we are processing your personal data, what personal data is being processed, how we use your personal data and your rights in relation to any personal data we hold for you.  
• Right of Access (‘subject access’) 
  You have the right to access your personal data held by us. You are entitled to make a subject access request verbally or in writing. We will have one month to respond to your request. In most circumstances, we will not charge a fee to deal with such requests. 
• Right to Rectification 
  You have the right to have any inaccurate personal data we hold about you updated or corrected.  An individual can request rectification verbally or in writing. We will have one calendar month to respond to your request and can, in certain circumstances, can refuse such a request for rectification. 

• Right to Erasure (also known as the ‘right to be forgotten’) 
  You have the right to request the removal or deletion (‘erasure’) of your personal data if there is no compelling reason for us to continue to hold this information. An individual can make a request for restriction verbally or in writing. We will have one calendar month to respond to a request. The right is not absolute and only applies in certain circumstances.  

You have the right to have your personal data erased if: 

• The data is no longer necessary for the purpose it was originally collected or processed. 
• We are relying on consent as the lawful basis for holding your data and you, the individual, withdraw your consent. 
• We are relying on legitimate interests as our basis for processing, you object to our processing your data, and there is no overriding legitimate reason to continue this processing. 

• We have collected or processed your personal data unlawfully in the first place. 
• The data must be erased to comply with a legal obligation. 
• We have processed the personal data in relation to the offer of information society services to a child. 

• Right to Restriction of Processing 
  You have a right to ask us to restrict the processing of your personal data. This right is not absolute and only applies in certain circumstances, including if you believe that the personal data that we hold about you is inaccurate or that our use of your personal data is unlawful. You can make a request for restriction verbally or in writing. We will have one calendar month to respond to your request. When processing is restricted, we are permitted to store your data, but will not use it until the issue necessitating the restriction has been resolved.  
• Right to Data Portability 
  You have the right to request that we provide you with the personal data you have given to us and to use it (across different services) for your own purposes upon receipt. We will provide this data to you within 30 days of your request. To request your personal data, please contact us using the information at the top of this privacy notice. 

• Right to Object 

You have the right to object to the processing of your personal data in certain circumstances. You can make this objection verbally or in writing. We will have one calendar month to respond to your complaint. You have an absolute right to stop your data being used for the purpose of direct marketing. 

In other cases, your right to object may depend on the purpose and lawful basis for processing your personal data in each case. Your right to object may not be considered absolute if any of the following circumstances exist: 

• A task carried out in the public interest. 
• The exercise of official authority vested in us – or, 

• Where processing is conducted for our own legitimate interests (or those of a third party). 

You will be required to provide specific reasons for objecting to the processing of your data, and we may be able to continue processing if: 

• We can demonstrate compelling legitimate grounds which override the interests, rights and freedoms of the individual – or,  
• If the processing is for the establishment, exercise or defence of legal claims. 

In cases of data being processed for scientific or historical research, or statistical purposes, your right to object under GDPR is more limited. We may be able to proceed with processing on the basis of carrying out research or statistical work solely for the performance of a necessary public task carried out in the public interest. We will consider each objection on its own merits and aim always to provide a suitable explanation for our decision. We will inform you of your right to complain to relevant supervisory authorities regarding this process as well as provide you with any information that you may find useful. 

15. CHANGES TO OUR POLICY 

We reserve the right to update our privacy policy to reflect changes in the provision of our services in future. The current privacy policy will remain in effect until an updated policy is published (on this page) to reflect changes in its provisions. Your continued use of our service following any modifications to the privacy policy as published on this page constitutes an acknowledgement of these modifications and your consent to abide and be bound by the terms of the newly modified and published privacy policy. 

16. CONTACTING US 

If you have any questions regarding this privacy policy, please contact us at: 

BeyHealth Consulting LTD. 

1st Floor, Jabita Court  

Plot 136, Alake Onile-Ere Crescent 

Gbagada, Lagos 

Nigeria 

privacy@beyhealth.com 

SECURITY POLICY 

Last updated: 31 January 2019 

1. PASSWORD SECURITY AND ENCRYPTION 

All personal data held by us is stored on Salesforce and MailChimp servers in the United States and by Amazon Web Services (via the Tito Services platform). All directory and database passwords are hashed and cannot be retrieved (they must be reset).  

Applications communicating with our website use Secure Sockets Layered (SSL) and Transport Layer Security (TLS) technology to ensure your data is fully encrypted and transmitted across the internet securely. All supplied payment card information is transmitted via SSL technology and encrypted into our third-party payment gateway provider databases and only accessible by individuals authorised with exclusive, confidential access rights to such systems. 

2. HTTPS PROTOCOL 

All communication between your browser and our websites is secure and encrypted using HTTPS protocol. If you are using a web browser such as Internet Explorer, Firefox and Chrome, our Websites will display a padlock icon in the address bar to visually indicate that a trusted SSL Digital Certificate is being used during a secure HTTPS connection. 

Because our web pages only support HTTPS protocol, personal data such as your name, e-mail address and credit card details provided on and communicated through our websites is securely encrypted and cannot be intercepted and decrypted by a ‘hacker’ or intruder. 

3. BREACH POLICY 

In the event of a data breach, BeyHealth will conduct a thorough investigate and notify all individuals affected with: 

• Details of the incident (what happened?) 
• Personal information (including personal data) compromised 
• Recommendations for further action (including changes to minimise the risk of a similar occurrence in future) 

An assessment of the likely impact of the data breach will be conducted and communicated appropriately. In the event of a confirmed breach, all passwords relating to data held within our system will be reset.  

4. CONTACTING US 

If you have any questions regarding this privacy policy, please contact us at: 

BeyHealth Consulting LTD. 

1st Floor, Jabita Court  

Plot 136, Alake Onile-Ere Crescent 

Gbagada, Lagos 

Nigeria 

privacy@beyhealth.com 

COOKIE POLICY 

Last updated: 31 January 2019 

1. WHAT ARE COOKIES? 

Cookies are small pieces of data or text files that are downloaded to your computer or mobile device when you access a website. The text contained in the cookie (often readable by the web server that delivered the cookie to you) generally consists of a sequence of letters and numbers that uniquely identifies your computer or mobile device. 

1. DO WE USE COOKIES ON OUR WEBSITES? 

Yes. Like many other companies, our Website uses cookies to remember your preferences, customise your customer experience and enhance the usefulness of our site to you and others. The information provided through cookies helps us understand how visitors engage with our services online.   

• Google Analytics cookies 

Google Analytics uses cookies to gather and analyse information about how visitors use the site and helps us refine that experience to serve our clients better. The information generated by the cookies about your IP address and use of our website will be transmitted to and stored by Google on its own managed servers. For more information on how Google collects and processes your data, visit https://www.google.com/policies/privacy/partners/ 
You can prevent Google Analytics from using your information by opting out via this link: https://tools.google.com/dlpage/gaoptout 

• Stripe Cookies 

Whenever a customer uses Stripe to make a payment on our website, Stripe sets a cookie as an integral part of its fraud detection protocol to ensure that all transactions processed through its payment gateway are safe and legitimate and comply with its internal requirements for data and financial security.  

3. WE MAY USE COOKIES TO 

• Identify areas of our website that you have visited. 
• Remember your preferences, settings, and login details 
• Personalise content on our website to make it more useful to you. 
• Analyse your use and patterns of engagement on our website (using Google Analytics). 
• Understand how you use our website and discover what content is most useful to you.   

• Assist you in posting comments, questions and requests on our website. 
• Enable you to share content with social networks. 

You will always be asked to consent to the use of cookies when visiting our website. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. Most web browsers can also be set to disable the use of cookies. However, if you choose to withhold consent or disable access to cookies in your browser settings, you may not be able to access certain features of our website.   

4. HOW CAN YOU DISABLE THE USE OF COOKIES ON YOUR COMPUTER? 

You may be able to disable cookies in your browser using the following information: 

• Internet Explorer - click to view page [https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies#ie=ie-11] 
• Chrome - click to view page [https://support.google.com/chrome/answer/95647?hl=en] 
• Firefox - click to view page [https://support.mozilla.org/en-US/kb/delete-cookies-remove-info-websites-stored] 
• Safari - click to view page [https://support.apple.com/kb/ph21411?locale=en_US] 
• Opera - click to view page  

• Flash cookies - click to view page  
• Apple Devices - click to view page [https://support.apple.com/en-us/HT201265] 
• Android Devices - click to view page [https://hubpages.com/technology/How-to-delete-internet-cookies-on-your-Droid-or-any-Android-device] 

5. CONTACTING US 

If you have any questions regarding this privacy policy, please contact us at: 

BeyHealth Consulting LTD. 

1st Floor, Jabita Court  

Plot 136, Alake Onile-Ere Crescent 

Gbagada, Lagos 

Nigeria 

privacy@beyhealth.com