Legal
Privacy Policy
Last Updated: June 2026 · Version 1.0
This Privacy Policy applies to all users of the Mikul Health platform, including Clients, Patients, family members, Caregivers, nurses, and administrative staff. It describes how we collect, use, store, and protect your personal data in compliance with the Nigeria Data Protection Act (NDPA) 2023 and the General Application and Implementation Directive (GAID) 2025.
1. Who We Are
Mikul Health is a digital homecare aggregator that connects patients and their families with qualified healthcare providers, including nurses and caregivers, for home-based medical and support services. We operate as a data controller in respect of personal data processed through our platform.
Registered Name: Mikul Healthcare Technology Limited (RC: 1894653)
Contact Email: privacy@mikulhealth.com
Phone: +234 916 059 6636
2. Personal Data We Collect
We collect the following categories of personal data depending on your relationship with our platform:
2.1 Clients, Patients and Families
• Full name, date of birth, gender
• Contact information: phone number, email address, home address
• Health information: medical history, care needs, diagnoses, medications
• Next-of-kin and emergency contact details
• Payment information (processed via a licensed payment gateway)
2.2 Caregivers and Nurses
• Full name, date of birth, gender, profile photo
• Contact information: phone number, email address, residential address
• Professional credentials: qualifications, certifications, work history, and regulatory license status
• Government-issued identification
• Bank account details for payment disbursements
• Background verification information, including guarantor and previous employer references
2.3 Administrative Staff
• Full name and contact details
• Role and access credentials
• Activity logs within the platform
3. How We Use Your Personal Data
We process your personal data only for specific, legitimate purposes as outlined below:
• To match patients with suitable caregivers and manage care delivery
• To communicate with you about bookings, service updates, and care schedules via SMS and other channels
• To process payments and disbursements through licensed payment gateways
• To verify the credentials, license status, and identity of caregivers and nurses
• To maintain records required by applicable healthcare and data protection regulations
• To respond to complaints, disputes, or regulatory enquiries
• To improve our platform, services, and user experience
• To comply with our legal obligations under Nigerian law
4. Lawful Basis for Processing
We rely on the following lawful bases to process your personal data under the NDPA 2023:
• Consent — Where you have given clear, specific, and informed consent, for example, to receive marketing communications
• Contract — Where processing is necessary to fulfil our service agreement with you
• Legal Obligation — Where we are required by law to process your data
• Legitimate Interests — Where processing is necessary for our legitimate business interests and does not override your rights
5. Health Data (Special Category)
Health information is a special category of personal data under the NDPA 2023. We collect and process health data only where you have given explicit consent, or it is necessary for the provision of healthcare services requested by you.
We do not share health data with third parties for marketing purposes. We apply enhanced safeguards to health data, including strict access controls and encryption, and access to health data is limited to personnel and Caregivers directly involved in delivering or coordinating your care.
6. Third-Party Data Processors
We share your personal data with the following licensed third-party processors, solely for the purposes outlined in this Policy:
Licensed Payment Gateway
Purpose: Payment processing for client bookings · Data: Name, email, payment details
SMS/Communications Service Provider
Purpose: Notifications and communication (booking updates, OTPs, alerts) · Data: Phone number, name
Wallet & Disbursement Service Provider
Purpose: Caregiver wallet, savings, and payment disbursement services · Data: Name, bank details
All third-party processors are bound by Data Processing Agreements (DPAs) requiring them to process data only on our instructions and in compliance with applicable data protection law.
7. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our general retention periods are:
• Patient and caregiver records: 7 years from the last active engagement
• Payment records: 7 years in line with financial record-keeping obligations
• Staff records: Duration of employment plus 3 years
• Marketing consent records: Until consent is withdrawn plus 1 year
When data is no longer required, it is securely deleted or anonymised.
8. Your Rights
Under the NDPA 2023, you have the following rights with respect to your personal data:
• Right to access — Request a copy of the personal data we hold about you
• Right to rectification — Request correction of inaccurate or incomplete data
• Right to erasure — Request deletion of your data where there is no lawful reason to retain it
• Right to data portability — Receive your data in a structured, commonly used format
• Right to object — Object to processing based on legitimate interests
• Right to withdraw consent — Withdraw consent at any time where processing is consent-based
• Right to lodge a complaint — File a complaint with the Nigeria Data Protection Commission (NDPC)
To exercise any of these rights, contact us at: privacy@mikulhealth.com
9. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or disclosure. These measures include:
• End-to-end encryption of data in transit and at rest
• Role-based access controls limiting data access to authorised personnel only
• Regular security assessments and vulnerability testing
• Secure cloud infrastructure with access logging
• Staff training on data protection obligations
10. Data Breach Notification
11. Cookies and Tracking
12. Children's Data
13. Changes to This Policy
14. Grievance Redress Procedure
If you have a concern, complaint, or grievance regarding how your personal data has been collected, used, or handled, you may raise it with us through the following process:
1. Submit your grievance by emailing privacy@mikulhealth.com or calling +234 916 059 6636, describing the nature of your concern and the personal data involved.
2. Acknowledgement — We will acknowledge receipt of your grievance within 48 hours.
3. Investigation and Response — We will investigate the matter and provide a substantive response within 14 days of acknowledgement.
4. Resolution — Where your grievance is upheld, we will take appropriate corrective action, which may include correcting or deleting data, reviewing internal processes, or other remedial steps.
5. Escalation — If you are not satisfied with our response, you may lodge a complaint directly with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng.
We are committed to resolving grievances fairly, promptly, and in good faith.
15. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact:
Email: privacy@mikulhealth.com
Phone: +234 916 059 6636
Regulator: Nigeria Data Protection Commission (NDPC) — ndpc.gov.ng
© 2026 Mikul Healthcare Technology Limited. All rights reserved.
MIKUL HEALTH
We harness cutting-edge technology to ensure you and your loved ones receive the highest quality of home care, in the comfort of your home.
Get in touch
support@mikulhealth.com
+234 916 059 6636
Polystar Building, 4th Floor,
2nd Roundabout,
Lekki Phase 1, Lagos State,
Nigeria
© 2026 Mikul Healthcare Technology. All Rights Reserved.