Privacy Policy

FASTLAB PRIVACY POLICY

Effective Date: December 24, 2025

Jurisdiction: Nigeria

1. OVERVIEW

Fastlab provides an integrated ecosystem for laboratory information management. Under this agreement, we process data on behalf of the Laboratory for the purposes outlined below. We adhere strictly to the principles of lawfulness, transparency, and data minimization as mandated by the Nigeria Data Protection Commission (NDPC).

2. SCOPE OF SERVICES AND DATA PROCESSING

Fastlab provides an integrated ecosystem for laboratory information management. Under this agreement, we process data on behalf of the Laboratory for the following purposes:

Diagnostic Reporting:

Processing patient test results for delivery to clinicians.

Logistics Management:

Tracking sample transit from collection points to the Laboratory.

Operational Analytics:

Providing the Laboratory with throughput and efficiency metrics.

3. DATA CATEGORIES

The Laboratory authorizes Fastlab to process the following data categories:

Patient Identifiers:

  • Name
  • Sex
  • DOB
  • Unique Patient ID

Clinical Data:

  • Test types (e.g., Hematology, Biochemistry)
  • Specimen details
  • Final results

Staff Data:

  • Laboratory scientist credentials
  • System access logs

4. OBLIGATIONS OF THE LABORATORY (DATA CONTROLLER)

As the Controller, the Laboratory warrants that:

Lawful Basis:

It has obtained explicit consent from patients to share their data with third-party service providers like Fastlab.

Accuracy:

It is responsible for the clinical accuracy of the data entered into the Fastlab system.

Patient Rights:

It will handle direct requests from patients regarding their "Right to Rectification" or "Right to Erasure".

5. FASTLAB'S SECURITY GUARANTEES (DATA PROCESSOR)

Fastlab implements rigorous technical safeguards to protect Laboratory assets:

Isolation:

Data from different laboratories is logically separated via multi-tenant architecture to prevent cross-contamination.

Encryption:

Use of Advanced Encryption Standard (AES) 256-bit at rest.

Integrity:

Immutable audit logs ensure that test results cannot be altered without leaving a permanent record.

Sub-Processing:

Fastlab will not engage third-party sub-processors (e.g., cloud hosts) without notifying the Laboratory and ensuring they meet NDPA adequacy standards.

6. DATA LOCALIZATION AND TRANSFERS

In alignment with Nigerian law, Fastlab prioritizes local data residency. Any transfer of laboratory data outside Nigerian borders is strictly governed by the NDPC's Whitelist or Standard Contractual Clauses (SCCs).

7. CONFIDENTIALITY AND NON-DISCLOSURE

Fastlab staff are bound by strict non-disclosure agreements (NDAs). We do not "sell" or monetize patient data. Anonymized data may only be used for aggregate public health reporting when mandated by the NCDC or Federal Ministry of Health.

8. CONTACT INFORMATION

For grievances or data access requests, contact our Data Protection Officer (DPO):

Regulatory Liaison:

Nigeria Data Protection Commission (NDPC)