Privacy Policy — Mordelt Healthcare

1. Introduction

Mordelt Healthcare ("we", "us", or "our") is committed to protecting and respecting your privacy. Mordelt Healthcare is a trading name of Mordelt Group. We are a subsidiary of Mordelt Group and Mordelt Capital.

This Privacy Policy explains how we collect, use, store, and disclose your personal data when you access our website, use our AI-powered healthcare platform, engage with our generic medicines distribution services, or interact with our capital deployment arm. It also describes your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We operate across the United Kingdom and West Africa, with offices in London, Lagos, and Accra. Where we process personal data of individuals in the UK, we do so in accordance with UK data protection law. Where we process data of individuals in other jurisdictions, we comply with applicable local data protection legislation.

By using our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please do not use our services.

2. Data Controller

For the purposes of applicable data protection law, the data controller is:

Mordelt Healthcare (a trading name of Mordelt Group)
London, United Kingdom
Email: info@mordelthealthcare.com

3. Information We Collect

We may collect and process the following categories of personal data:

3.1 Information you provide directly

Identity data: name, title, date of birth, gender.
Contact data: email address, telephone number, postal address.
Account data: username, password, account preferences.
Professional data: job title, employer, professional qualifications (where relevant to our services).
Correspondence data: any information you provide when you contact us, submit enquiries, or fill in forms on our website.
Investment and partnership data: information provided when engaging with our capital deployment arm, including financial information, company details, and investment preferences.

3.2 Health data (special category data)

Where you use our AI-powered healthcare platform, we may process health-related personal data, including:

Symptoms, medical history, and clinical triage information.
Chronic disease management data (e.g. diabetes, hypertension, cardiovascular conditions).
Medication information and prescription history.

Health data is classified as special category data under UK GDPR. We process this data only with your explicit consent, or where processing is necessary for the provision of health or social care, or for reasons of substantial public interest, in accordance with Article 9 of the UK GDPR and Schedule 1 of the Data Protection Act 2018.

3.3 Information collected automatically

Technical data: IP address, browser type and version, operating system, device identifiers, time zone setting.
Usage data: pages visited, time spent on pages, navigation paths, referral source, click-stream data.
Location data: approximate geographic location derived from your IP address.

3.4 Information from third parties

We may receive personal data from third parties, including analytics providers, advertising networks, healthcare partners, pharmaceutical distributors, and publicly available sources.

4. How We Use Your Data

We use your personal data for the following purposes, relying on the legal bases indicated:

4.1 Performance of a contract

To provide and manage our AI-powered healthcare platform, including clinical triage, chronic disease management, and ambient documentation services.
To facilitate the distribution and supply of generic medicines.
To manage your account and provide customer support.
To process partnership, investment, or business enquiries.

4.2 Legitimate interests

To improve, personalise, and optimise our services, website, and user experience.
To conduct analytics and research to enhance our platform and products.
To protect against fraud, unauthorised access, and other security threats.
To administer and protect our business, including troubleshooting, system maintenance, and reporting.
To communicate with you about updates, changes, or developments relevant to our services.

4.3 Consent

To process special category data (health data) through our healthcare platform.
To send you marketing communications where you have opted in.
To place non-essential cookies on your device (see Section 6).

4.4 Legal obligation

To comply with applicable laws, regulations, and legal processes.
To respond to lawful requests from public authorities, including regulatory bodies and law enforcement.
To meet our obligations under healthcare and pharmaceutical regulations in the UK, Nigeria, Ghana, and other applicable jurisdictions.

5. Sharing Your Data

We may share your personal data with the following categories of recipients:

Group companies: Mordelt Group and Mordelt Capital, for internal administration, business operations, and the provision of integrated services.
Healthcare providers and partners: where necessary for the delivery of healthcare services, clinical triage, or the supply of medicines.
Pharmaceutical distributors and suppliers: to facilitate the distribution of generic medicines across our operating markets.
Technology service providers: hosting providers, cloud infrastructure, analytics platforms, and other technology partners that assist us in operating our platform and services.
Professional advisers: lawyers, auditors, accountants, and insurers who provide consultancy, legal, insurance, and accounting services.
Regulatory authorities: government bodies, regulators, and law enforcement agencies, where required by law or in response to a lawful request.

We require all third parties to respect the security of your personal data and to treat it in accordance with applicable law. We do not permit third-party service providers to use your personal data for their own purposes; they may only process your data for specified purposes and in accordance with our instructions.

6. Cookies and Similar Technologies

Our website uses cookies and similar tracking technologies to distinguish you from other users, to improve your browsing experience, and to help us understand how our website is used.

6.1 Types of cookies we use

Strictly necessary cookies: essential for the operation of our website. These do not require your consent.
Performance and analytics cookies: allow us to recognise and count visitors and to understand how visitors navigate our website. These help us improve the way our website works.
Functionality cookies: used to recognise you when you return to our website and to personalise content for you.
Targeting cookies: used to record your visit, the pages you have visited, and the links you have followed, in order to make our website and communications more relevant to your interests.

6.2 Managing cookies

You can set your browser to refuse all or some cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, some parts of our website may become inaccessible or not function properly. For more information on how to manage cookies, visit www.allaboutcookies.org.

7. Third-Party Services

Our platform and services may integrate with or rely on third-party services, including:

Cloud infrastructure providers for data hosting and processing.
AI and machine learning platforms used in our clinical triage and chronic disease management tools.
Analytics services (such as Google Analytics) to monitor and analyse website traffic and usage patterns.
Payment processors for the processing of transactions.
Communication tools for customer support and business correspondence.

These third parties may have access to your personal data only to the extent necessary to perform their functions and are obligated not to disclose or use it for any other purpose. We encourage you to review the privacy policies of any third-party service you interact with through our platform.

8. International Data Transfers

As we operate in the United Kingdom and West Africa (Nigeria and Ghana), your personal data may be transferred to, stored in, and processed in countries outside the United Kingdom. Where we transfer personal data outside the UK, we ensure that appropriate safeguards are in place, in accordance with UK GDPR, including:

Transfers to countries that the UK Secretary of State has determined provide an adequate level of data protection.
Use of Standard Contractual Clauses (International Data Transfer Agreement or the International Data Transfer Addendum to the EU Standard Contractual Clauses) approved by the Information Commissioner's Office (ICO).
Other lawful transfer mechanisms as permitted under UK data protection law.

If you would like further information about the specific safeguards applied to the export of your personal data, please contact us at info@mordelthealthcare.com.

9. Data Retention

We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, including to satisfy any legal, regulatory, accounting, or reporting requirements.

To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process the data, whether we can achieve those purposes through other means, and applicable legal, regulatory, and professional obligations.

In general:

Account data is retained for the duration of your account and for up to 2 years following account closure.
Health data is retained in accordance with applicable medical records retention requirements. In the UK, this is typically a minimum of 8 years for adults, or longer where required by NHS or regulatory guidance.
Transaction records are retained for a minimum of 6 years to meet financial and tax reporting obligations.
Marketing data is retained until you withdraw consent or unsubscribe, plus a reasonable suppression period.
Technical and analytics data is typically retained for up to 26 months.

When personal data is no longer required, we will securely delete or anonymise it.

10. Your Rights Under UK Data Protection Law

Under the UK GDPR and the Data Protection Act 2018, you have the following rights in relation to your personal data:

Right of access: you have the right to request a copy of the personal data we hold about you (a "subject access request").
Right to rectification: you have the right to request that we correct any inaccurate or incomplete personal data.
Right to erasure: you have the right to request that we delete your personal data, subject to certain legal exceptions (the "right to be forgotten").
Right to restrict processing: you have the right to request that we restrict the processing of your personal data in certain circumstances.
Right to data portability: you have the right to receive your personal data in a structured, commonly used, machine-readable format, and to transmit it to another controller.
Right to object: you have the right to object to the processing of your personal data where we rely on legitimate interests as our legal basis, or where your data is processed for direct marketing purposes.
Right to withdraw consent: where we rely on your consent to process personal data, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
Rights relating to automated decision-making: you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless certain conditions are met.

To exercise any of these rights, please contact us at info@mordelthealthcare.com. We will respond to your request within one month of receipt. In certain circumstances, we may extend this period by a further two months, in which case we will inform you of the extension and the reasons for it.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection. You can contact the ICO at ico.org.uk or by telephone on 0303 123 1113.

11. Data Security

We have implemented appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include:

Encryption of data in transit and at rest.
Access controls and authentication mechanisms.
Regular security assessments and vulnerability testing.
Staff training on data protection and information security.
Incident response procedures for managing data breaches.

While we take all reasonable precautions, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee the absolute security of your data.

12. Children's Privacy

Our services are not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us at info@mordelthealthcare.com and we will take steps to delete such data.

Where our healthcare platform is used in connection with the care of individuals aged 13 to 17, we may process their data with appropriate parental or guardian consent, and in accordance with the ICO's Age Appropriate Design Code (Children's Code).

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, legal requirements, or for other operational, legal, or regulatory reasons. When we make material changes, we will notify you by posting the updated policy on our website with a revised effective date.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your data.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact us:

Mordelt Healthcare (a trading name of Mordelt Group)
Email: info@mordelthealthcare.com

We aim to respond to all enquiries within 48 hours.