EROM Diagnostics

Privacy Policy


The surge in the use of information technology necessitated by the need for the movement, collection, processing and storage of private data for socio-economic purposes has led to numerous privacy issues. In a bid to protect the rights of individuals and corporate entities to data privacy, a global regime to protect data and the digital economy is now in place to protect data privacy across different stratifications of the global economy.

Therefore, as part of the global economy, the Healthcare Industry is not left out of the need to ensure the privacy and protection of the personal information of customers collected, processed, and stored. Hence, the need for the provision of a data privacy policy to institutionalize processes and procedures by which the personal information of individual customers, is collected, processed, and stored cannot be over-emphasized. More importantly, providing for the rights and protection of customers where their information is shared with our consultants, third-party vendors, and partners, in the course of onboarding or rendering services to them.

This Policy is a formal acknowledgment that EROM Healthcare Limited (“the Company”/”EROM”) is committed to the protection of the rights and privacy of its customers, in accordance with the Nigeria Data Protection Regulation, 2019.


The Company takes its customers’ privacy very seriously. This Data Privacy Policy stipulates the basis for the collection, use and disclosure of personal data by The Company in line with the Nigerian Data Privacy Regulation. Personal Data comprises all the details the Company holds or collects on its employees, customers, stakeholders vendors and other interested parties, directly or indirectly, and includes any offline or online data that makes a person identifiable, such as names, addresses, phone number, passport ID, usernames, passwords, digital footprints, photographs and financial data.

These data may be received from third parties or collected using our website(s), mobile app, and other digital channels. With this policy, we will ensure that we collect, store and handle data fairly, transparently, and with respect toward individual rights.


This Privacy Policy applies to all our customers and beneficiaries, clients, third-party vendors, agents, outsourcing firms, as well as other stakeholders whom we collect personal data from or instruct to collect and process personal data on our behalf. It is therefore our responsibility as a company to bring this policy to the attention of all interested parties and stakeholders that provides us with their personal data. By providing your personal information or data, you acknowledge that we may use it only in the ways set out in this Privacy Policy. We may provide you with further notices highlighting certain uses we wish to make of your personal information. From time to time, we may need to make changes to this privacy policy, for example, as a result of changes in government regulations and policies, new technologies, or other developments in data protection laws or privacy generally. You should check the Company’s website periodically to view the most up-to-date privacy policy.


The personal information you provide is processed fairly, lawfully, and in a transparent manner.

The personal information you provide is collected for a specific purpose and is not processed in a way incompatible with the purpose for which The Company collected it.

Your personal information is adequate, relevant and limited to what is necessary for relation to the purposes for which it is processed.

Your personal information is kept accurate and, where necessary kept up to date.

Your personal information is kept no longer than necessary for the purposes for which the personal information is processed.

We will take appropriate steps to keep your personal information secure.

Your personal information is processed in accordance with your rights.

We will only transfer your personal information to another country or an international organization, where we have taken the required steps to ensure that your personal information is protected. Such steps may include placing the party we are transferring information to under contractual obligations to protect it to adequate standards.

The Company will not sell your personal information and will also not permit the selling of customer data by any companies who provide a service to us.


5.1 We collect personal information directly from you:

  • Via enquiry, registration form, benefits, feedback forms, and other important documents forwarded by you to provide us with your personal details;
  • When you fill out a survey, or vote in a poll on our website; Through application forms;
  • Via our telephone calls with you, which may be recorded;
  • When you provide your details to us either online or offline;
  • Via live chat, chat box and profilers;
  • Through web analytics tags.

    5.2 We also collect your personal information from several diverse sources
    including third parties like:
  • Third parties who assist us in checking your details and information when processing benefits entitlements for payment;
  • Third parties such as companies who provide consumer classification for marketing purposes; e.g. market segmentation data;
  • Contractors, partners, vendors and consultancy firms we have engaged with the requisite contractual obligation to collect personal data of customers in line with this policy;


    As a licensed healthcare service provider, we collect the following information relating to your personal data via the Registration Form and other relevant documents. Where The Company is the data controller of your personal information, we may collect the following about you:
  • Personal information – contact details such as name, email address, residential address and telephone number;
  • Identification information such as your date of birth, national identity number or NIMC number, bank verification number (BVN), and other identification numbers on your passport, driving license and other valid means of identification;
  • Financial information; such as bank details;
  • Information relevant to your registration with us during the onboarding process;
  • Corporate information such as company name, certificate of incorporation, nature of business, registered address of the company, etc.;
  • Sensitive personal information such as religious affiliation and marital status.
  • Medical records and history


    We respect the privacy of children. We do not knowingly collect names, email addresses or any other personally identifiable information from children, except where this is required to register them as dependents in relation to our customers.
    However, registration of children below the age of 18 years for the purpose of eligibility to access healthcare services can only be done through an elected guardian.


    Under data protection laws, we need a reason to use and process your personal information and this is called legal ground. We have set out below the main reasons why we process your personal information and the applicable circumstances when we will do so:
  • Processing of your information or personal data is necessary in order to establish a database of our customers for us to provide a seamless administration of healthcare;
  • To easily communicate with you with respect to our operations;
  • We may use Cloud storage solutions within or outside Nigeria, which are chosen to ensure efficiency and improved performance through up-to-date technology;
  • Where we have a legal or regulatory obligation to use such personal information, for example, when our regulators, such as the Economic and Financial Crimes Commission (EFCC), Nigeria Financial Intelligence Unit (NFIU) and our data
    protection regulator, the National Information Technology Development Agency (NITDA), require us to maintain certain records of any dealings with you;
  • Where we need to use your personal information to establish, exercise or defend our legal rights; for example, when we are faced with any legal claims, or where we want to pursue any legal claims ourselves;
  • Where we need to use your personal information for reasons of substantial public interest, such as investigating medical malpractice and carrying out fraud, credit and anti-money laundering checks, identification checks;
  • Where we need to communicate with you to resolve complaints or other issues;
  • Where you have provided your consent to our use of your personal information;
  • We will usually only ask for your consent in relation to processing your sensitive personal information. This will be made clear when you provide your personal information. If we ask for your consent, we will explain why it is necessary;
  • Where you provide sensitive personal information about a third party, we may ask you to confirm that the third party has provided his or her consent for you to act on their behalf;
  • Where we have an appropriate legitimate business need to use your personal information such as maintaining our business records, as well as developing and improving our products and services, all whilst ensuring that such business need does not interfere with your rights and freedoms and does not cause you any harm.


    We will not share any of your personal information other than for the purpose
    described in this Privacy Policy.


    We may disclose your information to the third parties listed below for the purposes described in this Privacy Policy. This might include:
  • Your relatives or guardians (on your behalf where you are incapacitated or unable to function or act) or other people or organizations associated with you, such as your lawyer;
  • Fraud detection agencies and other third parties who operate and maintain fraud detection registers;
  • The police and other third parties or law enforcement agencies, where it is reasonably necessary for the prevention or detection of crime;
  • For the purpose of providing customer information for the establishment of a rich healthcare industry database;
  • Our third-party service providers such as IT suppliers, actuaries, auditors, lawyers, marketing agencies and tax advisers;
  • Other suppliers, providers of goods and services associated with the full implementation of our operational objectives as a healthcare service providers;
  • Customer satisfaction survey providers;
  • Financial organizations and advisers;
  • Disclosure of your personal information to a third party will only be made where the third party has agreed to keep your information strictly confidential and shall only be used for the specific purpose for which we provide it to them. We may also disclose your personal information to other third parties where:
  • We are required or permitted to do so by law or by regulatory bodies, such as, where there is a court order or statutory obligation;
  • We believe that such disclosure is necessary in order to assist in the prevention or detection of any criminal action (including fraud) or is otherwise in the overriding public interest;
  • Exemptions under the data protection legislation allow us to do so. Where we make a transfer of your personal information outside of Nigeria, in all cases where personal data is transferred to a country that is deemed not to have the same standards of protection for personal data as Nigeria, The Company will ensure appropriate safeguards have been implemented to ensure that your personal
    information is protected where standards are not the same or similar to those standards within Nigeria. Such steps may include placing the party we are transferring personal information to under contractual obligations to protect it to adequate standards.


    We keep your personal information for as long as reasonably necessary to fulfill the relevant purposes set out in this Privacy Policy and in order to comply with our legal and regulatory obligations. The length of time we retain personal information depends on the purposes for which we collect and use it and/or as required to comply with applicable laws and to establish, exercise or defend our legal rights.


    You can ask us to do various things with your personal information. For example, at any time, you can ask us for a copy of your personal information, ask us to correct mistakes, change the way we use your information, or even delete it. We will do either what you have asked or explain why we cannot – usually because of a legal or regulatory issue. You have the following rights in relation to our use of your personal information:

    12.1: The right to access your personal information: You are entitled to a copy of the personal information we hold about you and certain details of how we use it. Your personal information will usually be provided to you in writing unless
    otherwise requested.

    12.2: The right to rectification: We take reasonable steps to ensure that the personal information we hold about you is accurate and complete. However, if you do not believe this is the case, please contact us by using the details shown in your documentation and you can ask us to update or amend it.

    12.3: The right to erasure: In certain circumstances, you have the right to ask us to erase your personal information, for example, where the personal information we collected is no longer necessary for the original purpose or where you withdraw your consent. However, this will need to be balanced against other factors; for example, according to the type of personal information we hold about you and why we have collected it, there may be some legal and regulatory obligations that mean we cannot comply with your request.

    12.4: Right to restriction of processing: In certain circumstances, you are entitled to ask us to stop using your personal information, for example, where you think that the personal information we hold about you may be inaccurate or where you think that we no longer need to process your personal information.

    12.5: Right to data portability: In certain circumstances, you have the right to ask that we transfer any personal information that you have provided to us to another third party of your choice. Once transferred, the other party will be responsible for looking after your personal information.

    12.6: The right to withdraw consent: For certain use of your personal information, we will ask for your consent. Where we do this, you have the right to withdraw your consent to further use of your personal information. From time to time, we may run specific marketing campaigns through social media and digital advertising that you may see, which are based on general demographics and interests. Individual personal information is not used for these campaigns. If you do not want to see any campaigns, then you will need to adjust your preferences within social media settings and your cookie browser settings. If you do not want to receive such promotional materials from us, you can opt-out at any time by sending an email to


    This Policy shall be applicable to EROM Healthcare Limited in all its operations and functions.

    14. REVIEW

    This Policy shall be reviewed periodically to ensure it remains relevant and appropriate to the Company.

    Contact Us
    All access requests, questions, comments, complaints, and other requests regarding this Policy should be sent to We may request additional details from you regarding your complaints and keep records of
    your requests and resolution.

    Contact the Regulator, National Information Technology Development Agency (NITDA). You have a right to complain to the Regulator if you think that your information has been
    The contact details are:
    Address :No. 28, Port Harcourt Crescent
    Off Gimbiya Street
    Area 11, Garki
    Telephone : +234929220263, +2348168401851, +2347052420189
    Website :