Data and Privacy Policy

Last Updated: March 2026

Lafia.io respects your privacy.

This policy explains how we collect, use, protect, and manage personal data.

We follow internationally recognized data protection principles and comply with applicable national and international data protection laws.


1. Purpose of this Policy

The purpose of this policy is to:

  • Protect the privacy and rights of individuals whose data we process
  • Define how Lafia.io collects, uses, stores, and protects personal data
  • Ensure compliance with global privacy regulations and national laws
  • Provide transparency for customers, partners, employees, and users

2. Scope of this Policy

This policy applies to:

  • Lafia.io employees
  • Customers and partners
  • Website and application users
  • Contractors and service providers

It governs all processing of personal data handled by Lafia.io.

Anonymized data used for research or statistical purposes is not covered by this policy.

This policy may be updated periodically to reflect regulatory or operational changes.


3. Compliance with National Laws

This policy reflects globally accepted data protection principles.

If a national law requires stricter rules than this policy, the national law will take precedence.

Lafia.io will always work to ensure compliance with both:

  • Applicable national data protection laws
  • International privacy standards

Questions regarding legal conflicts or interpretation should be directed to the Data Protection Officer (DPO).


4. Core Data Protection Principles

Lafia.io processes personal data according to the following principles.

Fairness and Lawfulness

Personal data must be processed legally, ethically, and fairly.

Individuals’ rights must always be respected.


Purpose Limitation

Personal data is collected only for specific, clearly defined purposes.

Data will not be used for unrelated purposes unless legally permitted.


Transparency

Individuals have the right to understand how their data is used.

When data is collected, individuals will be informed of:

  • The identity of the data controller
  • The purpose of data collection
  • Any third parties who may receive the data

Data Minimization

We collect only the data necessary to fulfill a specific purpose.

Where possible, anonymized or aggregated data will be used instead of personal data.


Storage Limitation

Personal data will be stored only as long as necessary for business or legal requirements.

Once data is no longer required, it will be securely deleted or archived.


Accuracy

Personal data must be:

  • Accurate
  • Complete
  • Up to date

Incorrect or outdated data will be corrected or removed.


Confidentiality and Integrity

Personal data is protected using appropriate technical and organizational safeguards to prevent:

  • Unauthorized access
  • Data loss
  • Illegal processing
  • Accidental destruction or alteration

5. Legal Bases for Processing Personal Data

Lafia.io processes personal data only when a legal basis exists.

These include:

  • Consent from the individual
  • Contractual necessity
  • Legal obligation
  • Legitimate business interest

6. Customer and Partner Data

Contractual Relationships

Personal data may be processed to:

  • Establish contracts
  • Provide services
  • Manage customer relationships
  • Fulfill contractual obligations

This may include communication during negotiations or service delivery.


Advertising and Marketing

Personal data may be used for marketing or customer communication only when permitted by law.

Individuals may opt out of marketing communications at any time.


Consent

Data may be processed when the individual provides clear consent.

Consent may be given:

  • In writing
  • Electronically
  • Verbally in certain circumstances

All consent records are documented.


Legal Obligation

Lafia.io may process data when required by law, regulation, or legal proceedings.


Legitimate Business Interest

Personal data may be processed for legitimate business purposes, such as:

  • Fraud prevention
  • Debt recovery
  • Contract enforcement

These interests must not override the rights of individuals.


Processing of Sensitive Data

Sensitive data may only be processed when:

  • Explicit consent is given
  • Required by law
  • Necessary for legal claims or regulatory obligations

Sensitive data may include:

  • Health information
  • Biometric data
  • Political beliefs
  • Religious beliefs
  • Ethnicity or race
  • Sexual orientation

Automated Decision Making

Automated systems may assist decision-making but cannot be the sole basis for decisions that significantly impact individuals.

Human review will always be available.


Website and App Data

When personal data is collected through our website or apps:

  • A privacy notice will be displayed
  • Cookie use will be disclosed
  • Users may opt out of tracking where applicable

7. Employee Data

Employee data may be processed for:

  • Recruitment
  • Employment administration
  • Payroll and benefits
  • Compliance with labor laws

Applicant data will be deleted after recruitment unless consent is provided for future opportunities.

Sensitive employee data is processed only under strict legal conditions.


8. Data Transfers

Personal data may be transferred:

  • Within Lafia.io operations
  • To service providers
  • To regulatory authorities when required

When data is transferred internationally, Lafia.io ensures that equivalent data protection safeguards are in place.


9. Data Processing by Third Parties

When third-party providers process data on behalf of Lafia.io:

  • A data processing agreement is required
  • Providers must meet strict security standards
  • Processing may occur only under Lafia.io instructions

Providers are regularly reviewed for compliance.


10. Rights of Individuals

Individuals whose data we process have the right to:

  • Request access to their personal data
  • Correct inaccurate data
  • Request deletion of their data
  • Restrict certain types of processing
  • Object to marketing communications
  • Request information about data transfers

Requests will be handled promptly and fairly.


11. Confidentiality

Employees may access personal data only when required for their role.

Unauthorized use or disclosure of personal data is strictly prohibited.

Confidentiality obligations remain in effect even after employment ends.


12. Data Security

Lafia.io uses appropriate technical and organizational measures to protect personal data.

Security measures include:

  • Encryption
  • Access control
  • Secure storage
  • Network protection
  • Regular system audits

Security standards are updated regularly as technology evolves.


13. Data Protection Monitoring

Compliance with this policy is monitored through:

  • Internal audits
  • Security assessments
  • Compliance reviews

External auditors or regulators may also conduct inspections.


14. Data Breaches

Any suspected data breach must be reported immediately.

Examples include:

  • Unauthorized data access
  • Loss of personal data
  • Accidental data disclosure

The company will investigate incidents and notify authorities when required.


15. Responsibilities

Lafia.io leadership is responsible for ensuring compliance with this policy.

Managers must ensure employees:

  • Understand privacy obligations
  • Follow data protection procedures
  • Receive appropriate training

Failure to comply with data protection laws may result in legal penalties or disciplinary action.


16. Data Protection Officer

Lafia.io appoints a Data Protection Officer (DPO) to oversee compliance with data protection regulations.

The DPO:

  • Advises the company on privacy obligations
  • Investigates data protection incidents
  • Serves as a contact point for regulators and individuals

Questions or concerns about this policy may be directed to the Data Protection Officer.


17. Definitions

Personal Data

Information that identifies or can identify a person.

Sensitive Personal Data

Data related to health, ethnicity, political beliefs, religion, sexual orientation, biometric identifiers, or union membership.

Data Subject

The individual whose personal data is being processed.

Processing

Any action involving personal data, including collection, storage, analysis, transfer, or deletion.

Data Controller

The organization responsible for determining how and why personal data is processed.


Contact

For privacy inquiries or data requests:

Lafia.io

Email: privacy@lafia.io

Website: https://lafia.io