Our Personal Data Protection Act (PDPA) protects your personal data while enabling us and our affiliate organisations to use your data reasonably to serve you. We as a private healthcare institution, respect and keep your data safe by: 

  • limiting access to only doctors and healthcare personnel who are involved in your care and to the supporting internal processes.
  • conducting regular checks to ensure that your personal data is only accessed by authorised persons and 
  • removing details as far as possible that identify you when using your data for internal purposes. 

Please be assured that if your personal data is collected, used or disclosed for these purposes, we will protect it as required under the NDPR and other relevant legislation. Our six core data protection principles summarized below are:

Personal data (information identifying a living person) should:

  1. Be processed fairly, lawfully and transparently
  2. Be collected and processed only for specified, explicit and legitimate purposes
  3. Be adequate, relevant and limited for the purposes for which it is processed
  4. Be kept accurate and up to date. Any inaccurate data must be deleted or rectified without delay
  5. Be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data are processed
  6. Be processed in a manner that ensures security, using appropriate technical and organisational measures

To ensure the continual improvement of the quality of the medical care being provided to you by the DIFF Medical Centre, your personal data collected by us may from time to time and where relevant, be used and disclosed within the autonomous units in the DIFF Medical Centre so that we can conduct quality assurance and service improvement audits and studies. 

We process your personal data fairly and lawfully in accordance with data subjects rights under the first Principle. This generally means that we should have a clear, transparent and informative privacy policy/notice which sets out what we do with personal data, the reasons and purposes why, where personal data is shared and transferred and how a data subject can raise a complaint if they are not happy. You can find our privacy policy here.


Feel free to write to us through the following feedback form or contact the DIFF Data Protection Officer at toluwalope.adefolalu@diffmedicalcentre.org.