LoniaBack to Home

Privacy Policy

Last updated: March 2026

1. Introduction

Lonia Hospital (“Lonia”, “we”, “us”, or “our”) operates the Lonia Telemedicine platform, including the website at lonia.ng, the Lonia mobile application, and the hospital website at loniahospital.com (collectively, the “Platform”). This Privacy Policy explains how we collect, use, store, and protect your personal and health information when you use our Platform.

By using the Platform, you consent to the practices described in this policy. If you do not agree, please do not use our services.

2. Information We Collect

2.1 Personal Information

  • Full name, phone number, email address, and date of birth
  • Profile photograph
  • Address, city, and state of residence
  • Bank account details (for healthcare providers receiving payments)
  • Government-issued ID information (for identity verification)
  • BVN (Bank Verification Number) for identity verification

2.2 Health Information

  • Medical history, symptoms, and consultation notes
  • Prescriptions and medication records
  • Lab test orders and results
  • Allergies and existing medical conditions
  • Video consultation recordings (when applicable and with consent)

2.3 Technical Information

  • Device information (model, operating system, unique IDs)
  • Location data (GPS coordinates, city, state — used for connecting you with nearby healthcare providers)
  • App usage data and analytics
  • Push notification tokens

2.4 Payment Information

  • Transaction references and payment amounts
  • Payment card details are processed by Paystack and are never stored on our servers

3. How We Use Your Information

  • Healthcare delivery: Facilitating appointments, consultations, prescriptions, lab tests, home healthcare services, and medication deliveries
  • Account management: Verifying your identity, managing your account, and processing payments
  • Communication: Sending appointment reminders, delivery updates, lab results notifications, and payment receipts via SMS, email, WhatsApp, and push notifications
  • Service matching: Using your location to connect you with nearby doctors, health workers, pharmacies, and labs
  • Quality improvement: Analysing usage patterns to improve our services and user experience
  • Legal compliance: Meeting regulatory requirements for healthcare record keeping in Nigeria

4. Data Sharing

We share your information only as necessary:

  • Healthcare providers: Doctors, health workers, pharmacists, and lab technicians involved in your care
  • Delivery partners: Delivery personnel receive your delivery address and contact information only
  • Payment processors: Paystack processes your payment transactions securely
  • Communication services: SMS and messaging providers deliver notifications on our behalf
  • Cloud infrastructure: Data is stored on secure cloud servers

We do not sell, rent, or trade your personal or health information to third parties for marketing purposes.

5. Data Storage and Security

  • All data is encrypted in transit using TLS/SSL (HTTPS)
  • Passwords are hashed using bcrypt with a high work factor
  • Authentication tokens expire after 15 minutes with secure refresh token rotation
  • Access to health records is logged for audit compliance
  • API access is rate-limited to prevent abuse
  • Database access is restricted to authorised backend services only

6. Data Retention

We retain your data for as long as your account is active or as needed to provide our services. Medical records are retained in accordance with Nigerian healthcare regulations. You may request deletion of your account and associated data by contacting us.

7. Your Rights

In accordance with the Nigeria Data Protection Regulation (NDPR) and Nigeria Data Protection Act (NDPA), you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate information
  • Request deletion of your personal data (subject to legal retention requirements)
  • Withdraw consent for data processing (this may affect service availability)
  • Object to processing of your personal data for specific purposes
  • Receive your data in a portable format upon request

8. Children's Privacy

Our Platform is not intended for use by individuals under the age of 18 without parental or guardian consent. We do not knowingly collect personal information from children under 18.

9. Cookies and Tracking

The web platform uses essential cookies for authentication. We use analytics tools to understand how users interact with our Platform. You can disable cookies in your browser settings, but this may affect the functionality of the Platform.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Last updated” date. We will notify users of material changes through the Platform or via email.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:

  • Email: info@loniahospital.com
  • Phone: +2348034712143
  • Address: Lonia Hospital, 143 DSC Express Way, Udu, Delta State, Nigeria