Privacy policy

1. INTRODUCTION

Community Health Institute (“CHI,” “we,” “us,” or “our”) is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you:

Visit our website (www.chi.edu.ng)
Use our Learning Management System (LMS) at lms.chi.edu.ng
Download and use our mobile applications (“CHI Learning” for iOS and Android)
Make payments through our integrated payment gateways
Interact with our services via email, SMS, or other communication channels

Please read this Privacy Policy carefully. By accessing or using our services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our policies and practices, please do not use our services.

2. INFORMATION WE COLLECT

2.1 Personal Information You Provide

We collect information that you voluntarily provide to us when you:

During Registration/Application:

Full name
Date of birth
Gender
Email address
Phone number(s)
Residential address
State of origin
Nationality
Next of kin information
Emergency contact details
Passport photograph
Educational qualifications and certificates
Professional registration numbers (where applicable)
Employment information
National identification numbers (NIN, BVN, where required for verification)

During Course Enrollment:

Programme/course selections
Academic history
Professional experience
Areas of specialisation
Learning preferences

During Payment Transactions:

Billing information
Payment method details (processed securely by our payment partners)
Transaction history
Invoice and receipt information

During Platform Use:

Course submissions and assignments
Forum posts and discussions
Messages and communications
Feedback and survey responses
Support inquiries

2.2 Information Automatically Collected

When you access our website, LMS, or mobile applications, we automatically collect certain information:

Device Information:

Device type, model, and operating system
Unique device identifiers
Mobile network information
IP address
Browser type and version
Screen resolution

Usage Information:

Pages visited and content accessed
Time and date of visits
Time spent on pages
Course progress and completion rates
Login frequency and duration
Click patterns and navigation paths
Search queries
Files downloaded or uploaded

Location Information:

General location based on IP address
Precise location (only if you grant permission on mobile apps)

2.3 Cookies and Tracking Technologies

We use cookies, web beacons, and similar tracking technologies to enhance your experience:

Essential Cookies:

Session management
Authentication and security
Load balancing

Functional Cookies:

Language preferences
Display settings
Remembering your choices

Analytics Cookies:

Understanding how you use our services
Identifying popular content
Improving platform performance

Third-Party Cookies:

Payment gateway cookies (Paystack, Flutterwave, Remita)
Analytics services (Google Analytics)
Social media integration

You can control cookies through your browser settings, but disabling certain cookies may limit functionality.

2.4 Information from Third Parties

We may receive information about you from:

Academic Partners:

Nasarawa State University, Keffi (NSUK) for programme coordination
Previous educational institutions (for transcript verification)

Professional Bodies:

CHPRBN registration status and credentials
Other relevant professional regulatory bodies

Payment Processors:

Transaction confirmation and verification
Payment status updates

Communication Service Providers:

Email delivery status
SMS delivery confirmations

3. HOW WE USE YOUR INFORMATION

3.1 Primary Uses

We use the collected information to:

Academic Services:

Process applications and admissions
Enrol you in courses and programmes
Deliver educational content via LMS and mobile apps
Track academic progress and performance
Issue grades, certificates, and transcripts
Provide academic advising and support
Facilitate instructor-student communication
Organise examinations and assessments

Administrative Services:

Manage your student account
Process fee payments and issue receipts
Send important notifications and announcements
Respond to inquiries and support requests
Maintain accurate institutional records
Verify credentials and qualifications
Comply with regulatory requirements (CHPRBN, NSUK)

Communication:

Send admission updates and decisions
Provide course-related notifications
Share important deadline reminders
Deliver newsletters and institutional updates
Send payment confirmations and receipts
Notify about technical issues or maintenance
Conduct surveys and gather feedback

Platform Improvement:

Analyse usage patterns to improve functionality
Identify and fix technical issues
Enhance user experience
Develop new features and services
Optimise mobile app performance
Improve course content delivery

Security and Fraud Prevention:

Verify identity and prevent unauthorised access
Detect and prevent fraudulent activities
Monitor payment transactions for security
Protect against spam and abuse
Ensure compliance with terms of service

Legal Compliance:

Meet regulatory and statutory obligations
Respond to legal requests and court orders
Enforce our terms and conditions
Protect our rights and property
Comply with CHPRBN and NSUK requirements

3.2 Marketing and Promotional Uses

With your consent, we may use your information to:

Send information about new programmes and courses
Share research and training opportunities
Invite you to workshops, conferences, and events
Provide alumni updates and networking opportunities
Send scholarship and funding announcements

You can opt out of marketing communications at any time by clicking the “unsubscribe” link in emails or contacting us directly.

4. HOW WE SHARE YOUR INFORMATION

4.1 Academic Partners

Nasarawa State University, Keffi (NSUK): We share the necessary academic information with NSUK for:

Programme coordination and quality assurance
Degree award and certificate issuance
Academic record maintenance
Compliance with university requirements

Community Health Practitioners Registration Board of Nigeria (CHPRBN): We share information required for:

Professional accreditation compliance
Graduate registration eligibility verification
Programme quality monitoring
Regulatory reporting

4.2 Service Providers

We engage trusted third-party service providers who process information on our behalf:

Payment Processors:

Paystack, Flutterwave, Remita: For secure payment processing
These services have their own privacy policies
We do not store complete payment card details

Communication Services:

Email Service Providers: For sending emails and notifications
SMS Gateway Providers: For sending text message alerts
These providers only access information necessary for service delivery

Cloud Hosting and Storage:

Hosting Providers: For secure data storage and platform hosting
Server providers with data centres in Nigeria and internationally
All providers comply with international security standards

Analytics Services:

Google Analytics: For website and app usage analysis (anonymised data)
LMS Analytics Tools: For learning analytics and reporting

Technology Partners:

Mobile App Development Platforms: For iOS and Android app maintenance
Learning Management System Provider: For LMS infrastructure

4.3 Legal and Regulatory Authorities

We may disclose information when required by law or to:

Comply with legal obligations, court orders, or subpoenas
Respond to lawful requests from government authorities
Protect our legal rights and property
Investigate potential violations of our terms
Protect the safety of students, staff, or the public

4.4 Business Transfers

In the event of a merger, acquisition, reorganisation, or sale of assets, your information may be transferred to the successor entity, subject to this Privacy Policy.

4.5 With Your Consent

We may share information with other parties when you provide explicit consent, such as:

Sharing achievements with potential employers (with your permission)
Publishing testimonials or success stories (with your approval)
Facilitating internship or job placements (upon your request)

4.6 We Do NOT:

Sell your personal information to third parties
Share your information for third-party marketing without consent
Publicly disclose sensitive personal information
Share information with unauthorised parties

5. DATA SECURITY

5.1 Security Measures

We implement comprehensive security measures to protect your information:

Technical Security:

SSL/TLS encryption for all data transmission
Encrypted data storage
Secure authentication systems
Regular security audits and penetration testing
Firewall protection
Intrusion detection and prevention systems
Regular security updates and patches

Access Controls:

Role-based access restrictions
Multi-factor authentication for sensitive systems
Password complexity requirements
Automatic session timeouts
Regular access reviews

Organisational Security:

Staff training on data protection
Confidentiality agreements for all personnel
Clear data handling policies and procedures
Incident response protocols
Regular security awareness training

Payment Security:

PCI DSS-compliant payment processing
No storage of complete payment card details
Tokenised payment information
Secure payment gateway integration

Mobile App Security:

Encrypted data transmission
Secure local data storage
Biometric authentication options (fingerprint, Face ID)
Regular security updates

5.2 Data Backup and Recovery

Automated daily backups
Secure off-site backup storage
Disaster recovery procedures
Regular backup testing

5.3 Your Responsibilities

You also play a role in protecting your information:

Keep your login credentials confidential
Use strong, unique passwords
Log out after using shared devices
Enable two-factor authentication when available
Report suspicious activity immediately
Keep your contact information updated

5.4 Limitations

While we implement robust security measures, no system is 100% secure. We cannot guarantee absolute security against unauthorised access, hacking, data loss, or other breaches. You use our services at your own risk.

6. DATA RETENTION

6.1 Retention Periods

We retain your information for as long as necessary to fulfil the purposes outlined in this Privacy Policy:

Active Student Records: Retained throughout your enrollment and for the duration of your programme.

Academic Records:

Transcripts, grades, certificates: Maintained permanently for verification purposes
Course materials and submissions: Retained for 7 years after programme completion
Assessment records: Retained for 7 years

Financial Records:

Payment transactions: Retained for 7 years for accounting and tax purposes
Invoices and receipts: Retained for 10 years

Communication Records:

Email correspondence: Retained for 3 years
SMS notifications: Retained for 1 year
Support tickets: Retained for 3 years

Website and LMS Usage Data:

Login logs: Retained for 2 years
Activity logs: Retained for 1 year
Analytics data: Retained for 3 years (anonymised)

Alumni Records:

Basic contact information: Retained indefinitely for alumni relations (unless you request deletion)
Academic credentials: Retained permanently

6.2 Legal and Regulatory Requirements

Some information must be retained longer to comply with:

Nigerian data retention laws
CHPRBN regulatory requirements
NSUK academic record requirements
Tax and financial regulations
Legal obligations

6.3 Deletion After Retention Period

When retention periods expire, we securely delete or anonymise information unless:

Legal obligations require continued retention
Ongoing disputes or investigations necessitate retention
Legitimate business purposes require retention

7. YOUR RIGHTS AND CHOICES

7.1 Access and Portability

You have the right to:

Access your personal information that we hold
Request a copy of your data in a portable format
Receive information about how we process your data

How to Exercise: Contact privacy@chi.edu.ng with your request.

7.2 Correction and Update

You have the right to:

Correct inaccurate information
Update outdated information
Complete incomplete information

How to Exercise: Log in to your student portal to update your information, or contact registrar@chi.edu.ng.

7.3 Deletion (Right to be Forgotten)

You have the right to request deletion of your information in certain circumstances:

Information is no longer necessary for its original purpose
You withdraw consent (where consent is the basis for processing)
Information has been unlawfully processed
Deletion is required by law

Limitations: We may retain information if:

Required by law or regulation
Necessary for legal claims or defence
Required for academic record integrity
Needed for CHPRBN or NSUK compliance

How to Exercise: Submit a written request to privacy@chi.edu.ng.

7.4 Restriction and Objection

You have the right to:

Restrict processing in specific circumstances
Object to processing based on legitimate interests
Object to direct marketing (opt-out anytime)

How to Exercise: Contact privacy@chi.edu.ng with your request.

7.5 Withdraw Consent

Where processing is based on consent, you can withdraw consent at any time:

Unsubscribe from marketing emails via the link provided
Disable cookies through browser settings
Revoke app permissions in device settings
Contact us to withdraw consent for other processing

Note: Withdrawing consent does not affect the lawfulness of processing before withdrawal and may limit your ability to use certain services.

7.6 Complaint

If you believe we have violated your privacy rights, you have the right to:

File a complaint with CHI’s Data Protection Officer
Lodge a complaint with Nigeria’s data protection authority (NITDA)
Seek legal remedies

Contact: dpo@chi.edu.ng

7.7 Response Time

We will respond to your requests within:

30 days for most requests
45 days for complex requests (with notification of extension)

8. CHILDREN’S PRIVACY

CHI’s services are intended for individuals 18 years and older. We do not knowingly collect information from children under 18 without parental consent.

If you are under 18:

You must have parental or guardian consent to use our services
Your parent/guardian must review this Privacy Policy
Your parent/guardian may exercise rights on your behalf

If we discover we have collected information from a child under 18 without proper consent, we will delete it promptly.

Parents/Guardians: If you believe we have collected information from your child without consent, contact privacy@chi.edu.ng immediately.

9. INTERNATIONAL DATA TRANSFERS

9.1 Data Location

Your information may be transferred to and processed in:

Nigeria (primary data storage)
Countries where our service providers operate
Countries where cloud storage servers are located

9.2 Transfer Safeguards

When transferring data internationally, we ensure adequate protection through:

Standard contractual clauses
Service provider agreements with data protection obligations
Compliance with international data protection standards
Adequate security measures

9.3 Your Consent

By using our services, you consent to the transfer of your information to countries outside Nigeria, subject to the protections described in this Privacy Policy.

10. THIRD-PARTY LINKS AND SERVICES

10.1 External Links

Our website and LMS may contain links to third-party websites, including:

CHPRBN website
NSUK website
Research resources
Academic journals
Partner institutions

We are not responsible for:

Privacy practices of third-party websites
Content on external sites
Security of information you provide to third parties

Recommendation: Review the privacy policies of any third-party sites you visit.

10.2 Third-Party Services

We integrate third-party services that have their own privacy policies:

Payment Gateways:

Paystack: https://paystack.com/privacy
Flutterwave: https://flutterwave.com/privacy-policy
Remita: https://www.remita.net/privacy-policy

Social Media: If you interact with our social media pages (Facebook, Twitter, LinkedIn, Instagram), those platforms’ privacy policies apply.

Email and SMS Providers: Our communication service providers process information according to their privacy policies and our data processing agreements.

10.3 Single Sign-On (SSO)

If we offer SSO options (e.g., Google, Microsoft), using these services shares certain information with those providers according to their privacy policies.

11. MOBILE APPLICATION SPECIFIC PROVISIONS

11.1 App Permissions

Our mobile apps (“CHI Learning” for iOS and Android) may request the following permissions:

Required Permissions:

Internet Access: To sync data and access online content
Storage: To download course materials for offline access
Notifications: To receive important alerts and updates

Optional Permissions (require your consent):

Camera: To capture and upload photos/documents for assignments
Location: To provide location-based services (attendance verification, nearby facilities)
Biometric Authentication: For convenient and secure login (fingerprint, Face ID)

Managing Permissions:

iOS: Settings > Privacy > [Permission Type] > CHI Learning
Android: Settings > Apps > CHI Learning > Permissions

11.2 Offline Data

When you download content for offline access:

Data is stored securely on your device
Encrypted storage protects your information
You can delete downloaded content anytime
Data syncs when you reconnect to the internet

11.3 App Analytics

Our mobile apps collect analytics to improve performance:

App crashes and errors
Feature usage statistics
Device and OS information
Session duration and frequency

This data is anonymised and used solely for app improvement.

11.4 Push Notifications

You can control push notifications:

Enable/disable in app settings
Manage notification types (assignments, grades, announcements)
Configure notification times (e.g., quiet hours)

iOS: Settings > Notifications > CHI Learning
Android: Settings > Apps > CHI Learning > Notifications

11.5 Uninstalling the App

When you uninstall the app:

Locally stored data is removed from your device
Your account and data on our servers remain intact
You can reinstall and access your account anytime

To permanently delete your account data, you must request account deletion separately.

12. COOKIES POLICY

12.1 What Are Cookies

Cookies are small text files stored on your device when you visit our website or use our services. They help us provide better functionality and understand how you use our services.

12.2 Types of Cookies We Use

Strictly Necessary Cookies:

Essential for website and LMS functionality
Enable login and authentication
Remember your session
Cannot be disabled without affecting functionality

Functional Cookies:

Remember your preferences (language, display settings)
Enhance user experience
Provide personalised features

Performance/Analytics Cookies:

Collect anonymous usage statistics
Help us understand how visitors use our site
Identify popular content and features
Improve website performance

Targeting/Advertising Cookies:

We currently do not use advertising cookies
If implemented in the future, we will update this policy

12.3 Third-Party Cookies

Third-party services may set their own cookies:

Google Analytics (analytics)
Payment gateways (payment processing)
Video platforms (embedded content)

12.4 Managing Cookies

Browser Settings: You can control cookies through your browser:

Chrome: Settings > Privacy and Security > Cookies
Firefox: Options > Privacy & Security > Cookies
Safari: Preferences > Privacy > Cookies
Edge: Settings > Privacy > Cookies

Impact of Disabling Cookies:

May impair website functionality
May prevent login to LMS
May limit personalisation features
Essential cookies cannot be disabled

Cookie Consent: When you first visit our website, you’ll see a cookie banner allowing you to:

Accept all cookies
Customise cookie preferences
Reject non-essential cookies

12.5 Cookie Duration

Session Cookies: Deleted when you close your browser
Persistent Cookies: Remain on your device for a specified period (typically 1-12 months)

13. CHANGES TO THIS PRIVACY POLICY

13.1 Updates

We may update this Privacy Policy to reflect:

Changes in our practices
New features or services
Legal or regulatory requirements
Technological developments

13.2 Notification of Changes

When we make significant changes, we will:

Update the “Last Updated” date at the top
Post a prominent notice on our website
Send email notification to registered users
Request renewed consent where required by law

13.3 Continued Use

Your continued use of our services after changes constitutes acceptance of the updated Privacy Policy. If you disagree with changes, you should discontinue use and may request account deletion.

13.4 Version History

Previous versions of this Privacy Policy are available upon request at privacy@chi.edu.ng.

14. CONTACT US

14.1 Data Protection Officer

For privacy-related questions, concerns, or requests:

Email: dpo@chi.edu.ng
Alternative Email: privacy@chi.edu.ng
Phone: 0805 351 3944
Mail: Data Protection Officer
Community Health Institute
Plot 379 EFAB Estate Road, Life Camp
Jabi District, Abuja
Federal Capital Territory, Nigeria

14.2 General Contact

CHI Main Office:
Email: info@chi.edu.ng
Phone: 0805 351 3944 | 0802 056 1233
Website: www.chi.edu.ng

14.3 Specific Departments

Academic Records: director@chi.edu.ng
Technical Support: support@chi.edu.ng
Payment Issues: finance@chi.edu.ng
General Inquiries: info@chi.edu.ng

14.4 Office Hours

Monday – Friday: 8:00 AM – 5:00 PM (West Africa Time)
Emergency security issues may be reported 24/7 to security@chi.edu.ng

14.5 Response Time

We aim to respond to all privacy inquiries within:

48 hours for urgent security matters
5 business days for general inquiries
30 days for formal data subject requests

15. LEGAL BASIS FOR PROCESSING

We process your personal information based on the following legal grounds:

Contract Performance: Processing necessary to fulfil our contractual obligations as an educational institution (enrollment, course delivery, certification).

Legal Obligations: Processing required to comply with Nigerian law, CHPRBN regulations, NSUK requirements, and other legal obligations.

Legitimate Interests: Processing necessary for our legitimate interests in:

Improving educational services
Ensuring platform security
Conducting research
Alumni relations
Fraud prevention

Consent: Processing based on your explicit consent for:

Marketing communications
Optional features (location services, biometric authentication)
Testimonials and publicity
Non-essential cookies

Vital Interests: Processing necessary to protect your vital interests or those of others in emergencies.

You have the right to object to processing based on legitimate interests and to withdraw consent at any time.

16. NIGERIAN DATA PROTECTION COMPLIANCE

CHI complies with the Nigeria Data Protection Regulation (NDPR) 2019 and all applicable Nigerian data protection laws, including:

Lawful processing of personal data
Purpose limitation and data minimisation
Accuracy and integrity of data
Appropriate security measures
Rights of data subjects
Accountability and transparency

Regulatory Authority: National Information Technology Development Agency (NITDA)
Contact NITDA: info@nitda.gov.ng | www.nitda.gov.ng

If you have unresolved concerns about our data practices, you may lodge a complaint with NITDA.

17. ACKNOWLEDGMENT AND CONSENT

By using CHI’s website, LMS, mobile applications, or any of our services, you acknowledge that:

You have read and understood this Privacy Policy
You consent to the collection, use, and disclosure of your information as described
You understand your rights and how to exercise them
You agree to receive necessary communications related to your use of our services
You understand that certain services require information processing for functionality

If you do not agree with this Privacy Policy, please do not use our services.

Version: 1.0