Privacy Policy


Federal Medical Centre (FMC) Keffi has created this Privacy Policy to explain how we collect, use, disclose and protect your Personal Data.

We may change this Privacy Policy from time to time to reflect updates in data protection legislation as well as in our operations. If we make changes, we will notify you by revising the date at the top of this policy, and in some cases, we may provide you with additional notice (such as adding a statement to the homepages of our website or  sending you an email notification).

We encourage you to review the Privacy Policy whenever you interact with us to stay informed about our information practices and the ways you can help protect your privacy.


FMC Keffi is based in Nigeria and the information we collect is governed by the Nigeria Data Protection Regulation (NDPR). By accessing or using our Services or otherwise providing information to us, you consent to the processing and transfer of your Personal Data in, out and to Nigeria.

You accept this Privacy Policy and hereby give us consent to save, process and use your Personal Data to the extent as allowed by law when you provide us with details of your Personal Data or by clicking on the “accept[Taxtech1] ” button.


We may collect and process the following information about you: 

  • Information that you provide to us, for example when you fill out a contact or web form, or if you register to receive alerts or updates.
  • When you provide your Personal Data while signing up for a medical service
  • Personal Data that we obtain or learn, such as information about the browser or device you used to access this site, how you used this site and the pages you visit, traffic and location data.
  • When you contact our customer support whether by phone, email, or chat
  • We may also ask you for information if you experience problems when using this site. We may also ask you to complete surveys for research purposes, although you don’t have to respond to these.
  • Personal data we receive from other sources: We are working closely with third parties (including, for example, health information we receive from other medical centres/hospitals. We will notify you when we receive Personal Data about you from them and the purposes for which we intend to use that Personal Data.

We may use your personal data, including non-public personal data as follows:

  1. Provide, maintain, and improve our medical services
  2. Provide and deliver the medical services you request, process transactions and send you related information, including confirmations.
  3. Verify your identity and prevent fraud.
  4. Send you technical notices, updates, security alerts and support and administrative messages.
  5. Respond to your comments, questions and requests and provide customer service.
  6. Communicate with you about medical services, medical products, offers, promotions, rewards, and events offered by us and others, and provide news and information we think will be of interest to you.
  7. Monitor and analyse trends, usage and activities in connection with our services.
  8. Personalize and improve the services and provide advertisements, content or features that match user profiles or interests.
  9. Link or combine with information we get from others to help understand your needs and provide you with better service.
  10. Carry out any other purpose for which the Personal Data was collected.
  11. Disclose Personal Data to our employees that require the personal data to carry out their functions.

We only disclose Personal Data with other companies or individuals in the following limited circumstances:

  • We may provide such Personal Data to affiliated hospitals, medical Centre’s, companies or other trusted businesses or persons for the purpose of processing Personal Data on our behalf. We require that these parties agree to process such Personal Data based on our instructions and in compliance with extant data protection laws such as the Nigeria Data Protection Regulation (NDPR) and any other appropriate confidentiality and security measures. When they no longer need your Personal Data to fulfil this service, they will dispose of the details in line with the NDPR and our relevant contracts by either returning such Personal Data to us and/or deleting same from their systems.
  • With other non-affiliated hospitals, medical centers and companies for our everyday medical or business purposes, such as to provide healthcare services, process transactions, maintain accounts, respond to court orders and legal investigations.
  • In response to a request for Personal Data, if we are required by, or we believe disclosure is in accordance with, any applicable law, regulation or legal process.
  • With relevant law enforcement officials or other third parties, such as investigators or auditors, if we believe it is appropriate.
  • In connection with, or during negotiations of, any merger, sale of our assets, financing or acquisition of all or a portion of our business to another company; and
  • With your consent or at your direction, including if we notify you that the Personal Data you provide will be shared in a particular manner and you proceed to provide such Personal Data.
  • We may also share aggregated or de-identified or anonymized Information, which cannot reasonably be used to identify you.

When we do not have a lawful basis for disclosure of your Personal Data, we will obtain consent from you before sharing your Personal Data with third parties. Where we need to transfer your Personal Data to another country, such country must have an adequate data protection law. We will seek your consent where we need to send your Personal Data to a country without an adequate data protection law.


We take reasonable measures to help protect all Personal Data about you from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. Additionally, we implement policies designed to protect the confidentiality and security of your Personal Data, including a Data Protection Policy.


We will hold your Personal Data in our systems for as long as it is necessary to fulfil the purpose for which it was collected or to comply with legal, regulatory or internal policy requirements.

We limit a One-month period to respond to your access request to your Personal Data in our possession. However, if the one-month timeline cannot be met or where we determine that the request made by you is excessive in nature, we will take steps to inform you and suggest alternative courses of action such as extension of the time of which to provide the information requested or request for cost for requests of an excessive nature. FMC Keffi subjects itself to copy the regulatory authority in all such correspondence.


The Personal Data we collect from you may be transferred to and stored at a destination outside Nigeria[UAJ2] . By submitting your Personal Data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your Personal Data is treated securely with an appropriate level of protection and that the transfer is lawful.


The law gives you certain rights in respect to your Personal Data we hold about you. Below is a highlight of some of those rights. At any point while we are in possession of or processing your Personal Data, you, the Data Subject has the following rights:

  • RIGHT OF ACCESS – You have the right to request a copy of the information that we hold about you.
  • RIGHT TO RECTIFY – You have the right to correct the Personal Data we hold about you that is inaccurate.
  • RIGHT TO BE FORGOTTEN – In certain circumstances you may ask for the data we hold about you to be erased from our record.
  • RIGHT TO RESTRICT PROCESSING – Where certain conditions apply, you have a right to restrict processing of your Personal Data.
  • RIGHT TO PORTABILITY – You have the right to have your Personal Data transferred to another organisation.
  • LODGE COMPLAINT – You have a right to lodge a complaint about the handling of your Personal Data with the National Information Technology Development Agency (NITDA) at
  • RIGHT TO OBJECT – You have the right to object to the Processing of Personal Data.

NITDA’s website ( has a wealth of useful information in respect of your rights over your Personal Data. If you wish to exercise your rights, you may wish  to contact us at [TT3] 


In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data, we shall within 72 (Seventy-Two) hours of having knowledge of such breach report the details of the breach to NITDA.

Furthermore, where we ascertain that such breach is detrimental to your rights and freedoms in relation to your Personal Data, we shall within 7 (Seven) days of having knowledge of the occurrence of such breach take steps to inform you of the breach incident, the risk to your rights and freedoms resulting from such breach and any course of action to remedy said breach.


If you have any questions or concerns about this Privacy Policy or would like to contact us for any reason, you can contact us at