Privacy Policy

1. INTRODUCTION

Welcome to Buttons Medic Center Ltd.

We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you:

• Visit our website: www.buttonsmedic.org
• Use our services (consultations, detox programs, events, products)
• Interact with us via email, phone, social media, or in-person
• Participate in our programs, workshops, or community initiatives

 

Please read this Privacy Policy carefully. By accessing or using our services, you consent to the practices described herein. If you do not agree with this policy, please do not use our services.

2. WHO WE ARE

Buttons Medic Center Ltd. is a herbal wellness and holistic health company registered in Nigeria and operating across Africa.

Detail	Information
Legal Name	Buttons Medic Center Limited
Registration	COMPANY REGISTRATION NO. 9463062
Head Office	Plot 20, Iya Abubakar Crescent [Herbal Wellness Hub] Abuja, Nigeria
Branches	FCT (Nigeria), Accra (Ghana)
Data Controller	Buttons Medic Center Ltd.
Data Protection Officer	privacy@buttonsmedic.org

We are committed to complying with:

• Nigeria Data Protection Act 2023 and NDPR 2019
• Ghana Data Protection Act, 2012 (Act 843)
• General Data Protection Regulation (GDPR) (for EU/UK individuals)
• Other applicable data protection laws in jurisdictions where we operate

3. INFORMATION WE COLLECT

3.1 Personal Information You Provide

Category	Examples	When Collected
Identity Data	Full name, title, date of birth, gender	Registration, consultation booking
Contact Data	Email, phone, address, emergency contact	Account creation, service delivery
Health Data	Medical history, symptoms, conditions, medications, wellness goals	Consultations, detox programs, health assessments
Financial Data	Payment details, billing address, transaction history	Product purchases, service payments
Profile Data	Preferences, feedback, survey responses, event attendance	Account management, service improvement
Communication Data	Emails, messages, call records, chat logs	Customer service, inquiries
Marketing Data	Communication preferences, campaign interactions	Newsletter subscriptions, promotions

3.2 Information Collected Automatically

Type	Purpose
Device Information	IP address, browser type, operating system, device identifiers
Usage Data	Pages visited, time spent, click patterns, referral sources
Location Data	General geographic location (country/city level)
Cookies & Tracking	Session management, analytics, personalization

3.3 Information from Third Parties

We may receive information about you from:

• Referring healthcare practitioners (with your consent)
• Payment processors (transaction confirmation only)
• Social media platforms (if you interact with our pages)
• Event partners (for co-hosted activities)
• Public sources (for verification purposes)

4. HOW WE USE YOUR INFORMATION

4.1 Primary Purposes

Purpose	Legal Basis	Data Categories Used
Service Delivery	Contractual necessity	Identity, Contact, Health, Financial
Consultations & Treatment	Explicit consent + legitimate interest	Health, Identity, Contact
Detox Program Management	Explicit consent + contractual	Health, Contact, Profile
Event Registration	Contractual necessity	Identity, Contact, Dietary preferences
Product Orders & Fulfillment	Contractual necessity	Identity, Contact, Financial, Address
Account Management	Contractual necessity	Identity, Contact, Profile
Customer Support	Legitimate interest	Communication, Identity, Contact

4.2 Secondary Purposes

Purpose	Legal Basis	Opt-Out Available
Service Improvement	Legitimate interest	N/A (aggregated/anonymized)
Research & Development	Legitimate interest + consent	Yes
Marketing Communications	Consent (or legitimate interest for existing clients)	Yes, anytime
Personalization	Consent	Yes
Fraud Prevention & Security	Legitimate interest + legal obligation	N/A
Legal Compliance	Legal obligation	N/A

 

4.3 Special Category Data: Health Information

Health information is classified as special category personal data under data protection laws. We process this information only when:

✅ You have provided explicit, informed consent
✅ Processing is necessary for preventive or occupational medicine, medical diagnosis, or provision of health care
✅ Processing is necessary for reasons of public interest in public health
✅ You have manifestly made the information public

We never sell, rent, or trade your health information to third parties.

 

 

5. LEGAL BASIS FOR PROCESSING

Under applicable data protection laws, we process your personal information based on one or more of the following legal grounds:

Legal Basis	When It Applies	Examples
Consent	You have given clear, affirmative consent	Marketing emails, health data processing, cookies
Contract	Processing is necessary to fulfill a contract with you	Service delivery, account management, order fulfillment
Legal Obligation	Processing is required by law	Tax reporting, regulatory compliance, court orders
Legitimate Interests	Processing is necessary for our legitimate interests, balanced against your rights	Website analytics, fraud prevention, service improvement
Vital Interests	Processing is necessary to protect someone’s life	Emergency medical situations
Public Interest	Processing is necessary for public health or scientific research	Anonymized health trend analysis (with safeguards)

You may withdraw consent at any time by contacting us at privacy@buttonsmedicorg. Withdrawal does not affect the lawfulness of processing based on consent before withdrawal.

6. SHARING & DISCLOSURE OF INFORMATION

6.1 When We Share Your Information

Recipient	Purpose	Safeguards
Internal Team	Service delivery, account management	Confidentiality agreements, role-based access
Certified Practitioners	Consultations, treatment planning	Professional confidentiality, data minimization
Payment Processors	Transaction processing	PCI-DSS compliance, encryption
IT & Cloud Service Providers	Website hosting, data storage, security	Data processing agreements, security standards
Marketing Platforms	Email campaigns, analytics (with consent)	Anonymization where possible, opt-out mechanisms
Legal/Regulatory Authorities	Compliance with legal obligations	Limited to required information, legal basis documented
Business Successors	Merger, acquisition, or asset transfer	Confidentiality obligations, notice to affected individuals

6.2 When We Do NOT Share Your Information

❌ We do not sell your personal information to third parties
❌ We do not share health data for marketing purposes
❌ We do not disclose consultation details without your explicit consent (except where legally required)
❌ We do not share your information with unverified third parties

6.3 Aggregated & Anonymized Data

We may share aggregated, anonymized, or de-identified data for:

• Research and public health insights
• Service improvement analytics
• Industry reporting

This data cannot reasonably be used to identify you.

7. DATA RETENTION

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law.

Data Category	Retention Period	Rationale
Account Information	Duration of account + 5 years	Service continuity, legal compliance
Consultation Records	10 years from last interaction	Medical record-keeping standards, legal requirements
Health Assessment Data	10 years from last interaction	Clinical best practices, continuity of care
Transaction Records	7 years	Tax and financial regulatory requirements
Marketing Preferences	Until withdrawal of consent + 2 years	Record of consent status
Website Usage Data	26 months	Analytics and improvement purposes
Event Registration Data	3 years post-event	Follow-up, feedback, community building
Job Application Data	2 years from application	Future opportunities, legal compliance

At the end of the retention period, we securely delete or anonymize your data.

 

 

8. YOUR RIGHTS & CHOICES

8.1 Your Data Protection Rights

Depending on your location and applicable law, you have the following rights:

Right	Description	How to Exercise
Access	Request a copy of your personal data	Email privacy@buttonsmedic.org
Rectification	Request correction of inaccurate data	Update via account portal or contact us
Erasure (“Right to be Forgotten”)	Request deletion of your data	Email privacy@buttonsmedic.org
Restriction	Request limitation of processing	Email privacy@buttonsmedic.org
Portability	Request transfer of your data to another provider	Email privacy@buttonsmedic.org
Object	Object to processing based on legitimate interest	Email privacy@buttonsmedic.org
Withdraw Consent	Withdraw consent at any time	Use unsubscribe link or contact us
Complain	Lodge a complaint with a supervisory authority	See Section 16: Regulatory Contacts

8.2 Marketing Preferences

You can manage your communication preferences at any time:

✅ Unsubscribe from emails: Click “Unsubscribe” in any marketing email
✅ Update Preferences: Log into your account at www.buttonsmediccenter.com/account
✅ Contact Us: Email privacy@buttonsmedic.org  with your request

Note: Even if you opt out of marketing, we may still send you service-related communications (e.g., appointment confirmations, policy updates).

8.3 Cookies & Tracking Preferences

You can manage cookies through:

• Your browser settings
• Our Cookie Consent Manager (when you visit our website)
• Opt-out tools for third-party analytics (e.g., Google Analytics Opt-out)

 

9. DATA SECURITY MEASURES

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

9.1 Technical Safeguards

Measure	Description
Encryption	Data encrypted in transit (TLS/SSL) and at rest
Access Controls	Role-based access, multi-factor authentication for staff
Secure Infrastructure	Hosted on ISO 27001-certified cloud platforms
Regular Testing	Vulnerability assessments, penetration testing
Backup & Recovery	Encrypted backups with disaster recovery protocols

9.2 Organizational Safeguards

Measure	Description
Staff Training	Regular data protection and confidentiality training
Confidentiality Agreements	……………………………………………….
Data Minimization	Collect only what is necessary for stated purposes
Incident Response	Documented breach response plan with 72-hour notification protocol
Vendor Management	Due diligence and contracts with all third-party processors

9.3 Your Role in Security

✅ Use strong, unique passwords for your account
✅ Enable two-factor authentication if available
✅ Keep your contact information up to date
✅ Log out of shared devices
✅ Report suspicious activity to security@buttonsmedic.org

 

 

 

10. COOKIES & TRACKING TECHNOLOGIES

10.1 What Are Cookies?

Cookies are small text files placed on your device to enhance website functionality, analyze usage, and personalize your experience.

10.2 Types of Cookies We Use

Category	Purpose	Duration	Can You Opt Out?
Essential	Website functionality, security, account access	Session to 1 year	No (required for service)
Performance/Analytics	Understand how visitors use our site	Up to 26 months	Yes
Functional	Remember preferences, personalize experience	Up to 1 year	Yes
Marketing/Advertising	Deliver relevant ads, measure campaign effectiveness	Up to 13 months	Yes

10.3 Managing Cookies

You can manage cookies via:

• Browser Settings: Most browsers allow you to block or delete cookies
• Cookie Consent Manager: Available on our website banner
• Third-Party Opt-Outs:

• Google Analytics: https://tools.google.com/dlpage/gaoptout
• Facebook: https://www.facebook.com/settings?tab=ads

Note: Disabling essential cookies may limit your ability to use our services.

 

 

 

 

 

11. THIRD-PARTY LINKS

Our website and communications may contain links to third-party websites, services, or applications (e.g., social media, payment processors, partner organizations).

Important: This Privacy Policy applies only to Buttons Medic Center. We are not responsible for the privacy practices, content, or security of third-party sites. We encourage you to review their privacy policies before providing any personal information.

12. CHILDREN’S PRIVACY

Our services are generally intended for individuals aged 18 and above.

12.1 Minors (Under 18)

• We do not knowingly collect personal information from children under 18 without verifiable parental consent.
• If you are a parent or guardian and believe your child has provided us with information, please contact us immediately at privacy@buttonsmedicorg.
• For wellness programs involving minors, parental/guardian consent and participation are required.

12.2 Young Adults (16-17)

In jurisdictions where individuals aged 16-17 may consent to certain services (e.g., wellness consultations), we:

• Require parental/guardian notification
• Apply enhanced privacy safeguards
• Limit data collection to what is strictly necessary

13. INTERNATIONAL DATA TRANSFERS

Buttons Medic Center operates across Nigeria, Ghana, and potentially other jurisdictions. Your information may be transferred to, stored, or processed in countries other than your own.

13.1 Safeguards for International Transfers

When transferring personal data internationally, we ensure appropriate safeguards are in place:

✅ Adequacy Decisions: Transfers to countries with adequate data protection laws
✅ Standard Contractual Clauses (SCCs): EU-approved contractual safeguards
✅ Binding Corporate Rules: For intra-group transfers (if applicable)
✅ Explicit Consent: Where required by law, we obtain your consent for specific transfers

13.2 Countries Where Data May Be Processed

Country	Purpose	Safeguards
Nigeria	Primary operations, data storage	NDPR compliance, local data centers
Ghana	Branch operations, client services	Data Protection Act compliance
[Other jurisdictions]	Cloud services, analytics	SCCs, encryption, vendor agreements

You may request details of specific transfers by contacting privacy@buttonsmedicorg.

14. CHANGES TO THIS POLICY

We may update this Privacy Policy periodically to reflect:

• Changes in our services or practices
• Updates to applicable laws or regulations
• Technological advancements or security improvements

14.1 How We Notify You of Changes

Change Type	Notification Method
Material changes	Email notice + website banner + 30-day advance notice
Minor updates	Updated “Last Updated” date + website notice
Legal requirement changes	Immediate update + notification where required

14.2 Your Continued Use

By continuing to use our services after changes take effect, you acknowledge and accept the updated Privacy Policy. If you do not agree, please discontinue use and contact us to discuss your options.

 

 

 

 

 

 

15. CONTACT INFORMATION

15.1 Data Protection Inquiries

For questions about this Privacy Policy, your personal information, or to exercise your rights:

Email: privacy@buttonsmedic.org
Phone: +234-9035188786    (Nigeria) | +233-0505547073 (Ghana)
Mail: info@buttonsmedic.org
Buttons Medic Center Ltd.
Attn: Data Protection Officer
20, Iya Abubakar Crescent [Herbal Wellness Hub] Abuja, Nigeria

Response Time: We aim to respond to all privacy inquiries within 15 business days.

15.2 General Inquiries

📧 Email: info@buttonsmediccenter.com
🌐 Website: www.buttonsmediccenter.com/contact
📱 Social Media: @ButtonsMedicCenter (Instagram, Facebook, LinkedIn)

16. REGULATORY CONTACTS

If you believe we have not addressed your concern satisfactorily, you have the right to lodge a complaint with a data protection authority.

Nigeria

Nigeria Data Protection Commission (NDPC)
Website: https://ndpc.gov.ng
Email: complaint@ndpc.gov.ng

Ghana

Data Protection Commission (DPC) Ghana
Address: No. 23 Julius Nyerere Road, Cantonments, Accra
Website: https://www.dataprotection.org.gh
Email: complaint@dataprotection.org.gh

 Phone: +233 302 742 074

 

European Union / United Kingdom

If you are in the EU/UK, you may contact your local supervisory authority:
List of Authorities: https://edpb.europa.eu/about-edpb/about-edpb/members_en