Introduction

Welcome to the eN-LIS Lite Mobile Application ("eN-LIS", "eN-LIS Lite", “eN-LIS Mobile", “the App”). This Privacy Policy explains how we collect, use, disclose, store, and protect personal information when you download, install, access, or use the eN-LIS mobile application made available through the Google Play Store.

The eN-LIS application is managed by Georgetown Global Health Nigeria (GGHN) ("we", "us", "our"), a non–profit, NGO established in 2019 and committed to advancing integrated, data-driven health systems strengthening through scalable service delivery, digital innovation, surveillance architecture, and institutional capacity development. We are committed to protecting the privacy, confidentiality, and security of personal and health-related data entrusted to us.

By using the eN-LIS mobile application, you acknowledge that you have read and understood this Privacy Policy and agree to the collection and use of information in accordance with this Policy.

This Privacy Policy is designed to comply with:

• Google Play User Data and Data Safety Policies
• Nigeria Data Protection Act (NDPA)
• Applicable international data protection best practices

Scope of This Privacy Policy

This Privacy Policy applies specifically to:

• The eN-LIS mobile application
• All data collected through the App
• All users of the App, including healthcare professionals, staff, partners, and authorised users

This Policy does not apply to other GGHN websites, applications, internal systems, or offline services unless explicitly stated.

Information We Collect

We collect information to provide, operate, maintain, and improve the eN-LIS application.

Personal Information

Depending on how you use the App, we may collect:

• Full name
• Email address
• Phone number
• Residential or Work address
• User ID or username
• Organisation or facility name
• Photo image

Health and Sensitive Information

Where applicable and authorised, the App may process sensitive personal data, including:

• Laboratory test requests
• Laboratory test results
• Patient identifiers
• Health-related records entered or accessed through the App

Sensitive health data is processed strictly for healthcare delivery, diagnostic support, reporting, and regulatory compliance.

Technical and Device Information

When you use the App, we may automatically collect:

• Device type and model
• Operating system version
• App version
• IP address
• Log files and timestamps
• Crash reports and performance data

Usage Information

We may collect information about how you interact with the App, including:

• Pages or features accessed
• Frequency and duration of use
• Error logs

App Permissions

The eN-LIS application may request access to certain device features to function properly. These permissions are used strictly for their intended purposes.

Depending on functionality enabled, the App may request access to:

• Internet access – to synchronise data securely with backend systems
• Storage – to securely store application data or downloaded reports
• Camera (if enabled) – to scan documents or laboratory forms

You may control permissions through your device settings. However, denying certain permissions may limit App functionality.

How We Use Your Information

We use the information collected through the eN-LIS App to:

• Provide and operate App functionality
• Facilitate laboratory information management
• Enable access to laboratory results and reports
• Improve App performance, reliability, and user experience
• Maintain system security and prevent unauthorised access
• Comply with legal, regulatory, and reporting obligations
• Respond to user inquiries and support requests

We do not sell personal data or health information.

Legal Basis for Processing

We process personal data under one or more of the following lawful bases:

• Your explicit consent
• Performance of a contract or service obligation
• Compliance with legal and regulatory requirements
• Protection of vital interests, including patient care
• Legitimate organisational interests that do not override your rights

Data Sharing and Disclosure

We may share your information only under the following circumstances:

Authorised Service Providers

Trusted third-party service providers who support App hosting, analytics, or infrastructure may process data on our behalf under strict data protection agreements.

Legal and Regulatory Obligations

We may disclose data where required by law, regulation, court order, or government authority.

Healthcare and Operational Purposes

Authorised healthcare professionals and institutional users may access relevant data strictly for clinical, diagnostic, or operational purposes.

We do not share personal data for advertising or marketing purposes.

Data Storage and Retention

Personal and sensitive data collected through the App is:

• Stored securely in approved cloud environments
• Retained only for as long as necessary to fulfil its intended purpose or comply with legal requirements

Retention periods are defined in accordance with healthcare regulations, operational needs, and applicable laws.

When data is no longer required, it is securely deleted, anonymised, or destroyed.

Data Security

We implement appropriate technical and organisational measures to protect your information, including:

• Encryption of data at rest and in transit
• Role-based access controls and least privilege principles
• Strong authentication mechanisms
• Secure logging and monitoring
• Regular security assessments and vulnerability testing

Despite our efforts, no system can be guaranteed 100% secure. Users are encouraged to protect their login credentials and devices.

Account Management and Deletion

You have the right to request deletion of your eN-LIS account and associated personal data.

Account deletion can be requested by:

• Using the in-app account deletion feature (where available), or
• Sending a request to our privacy contact email

Upon verification, we will:

• Delete or anonymise your personal data within a reasonable timeframe
• Retain only data required by law or for legitimate healthcare record-keeping

Your Data Protection Rights

Subject to applicable law, you have the right to:

• Access your personal data
• Request correction of inaccurate data
• Request deletion of your data
• Restrict or object to certain processing activities
• Request data portability
• Withdraw consent at any time
• Lodge a complaint with a regulatory authority

Requests may be submitted through the contact details below and will be addressed within statutory timelines.

Children’s Privacy

The eN-LIS mobile application is not intended for direct use by children. Where children’s data is processed as part of healthcare services, such processing is conducted under appropriate legal authority and safeguards.

We do not knowingly collect personal information directly from children without proper consent or authorisation.

International Data Transfers

Where data is transferred or stored outside Nigeria, we ensure that appropriate safeguards are in place, including:

• Adequate data protection measures
• Contractual safeguards
• Compliance with applicable data protection law

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements, App functionality, or data processing practices.

Material changes will be communicated through the App or other appropriate channels. Continued use of the App after updates constitutes acceptance of the revised Policy.