Legal & Compliance

Privacy Policy — ZivanaCare Merchant

Effective Date & Last Updated: June 29, 2026

KingMind Technologies Ltd ("we," "our," or "us") operates the ZivanaCare Merchant application ("the App"), a business management platform for verified pharmacies, medical suppliers, and healthcare product vendors on the ZivanaCare marketplace. This Privacy Policy explains how we collect, use, store, and protect your business and personal data when you use the App.

ZivanaCare operates globally, including in Nigeria, the United Kingdom, the European Union, the United States, Canada, and other African countries. We are committed to complying with applicable data protection laws in each jurisdiction where we operate.

By registering and using ZivanaCare Merchant, you agree to the practices described in this policy.

1. Who This Policy Applies To

This policy applies to business owners, managers, and authorised staff of pharmacies, medical supply companies, wellness product vendors, and other healthcare-related businesses that are registered and verified on the ZivanaCare Merchant platform, regardless of their country of operation.

2. Information We Collect

2.1 Business Identity & Verification Data

  • Business name, registration number, and business type.
  • Business registration certificate (e.g. CAC in Nigeria, Companies House in the UK, equivalent in other jurisdictions).
  • Applicable regulatory licences (e.g. NAFDAC/PCN in Nigeria, MHRA in the UK, FDA registration in the USA, Health Canada licence).
  • Business address and operating location(s).
  • Tax Identification Number or equivalent (e.g. TIN in Nigeria, UTR in the UK, EIN in the USA, BN in Canada).

2.2 Authorised Representative Data

  • Full name, role, and contact details of the account holder.
  • Government-issued ID of the business representative (for KYC).
  • Profile photo (optional).

2.3 Account & Contact Information

  • Business email address and phone number.
  • Password (stored in encrypted/hashed form — never in plain text).
  • Country of operation and preferred currency.
  • Device information (device type, OS version, unique device identifiers).

2.4 Product & Inventory Data

  • Product names, descriptions, categories, and pricing.
  • Product images and media uploads.
  • Stock levels and inventory updates.
  • Applicable regulatory registration numbers (e.g. NAFDAC numbers, MHRA product licences).

2.5 Order & Transaction Data

  • Customer orders received through the ZivanaCare platform.
  • Order fulfilment status and delivery updates.
  • Sales history and revenue summaries.
  • Commission deductions per transaction.
  • Refund and dispute records.

2.6 Financial & Payout Data

  • Bank account details or payment processor recipient codes.
  • Paystack recipient codes (NGN payouts).
  • Stripe Connect details (GBP/EUR/USD/CAD payouts).
  • Payout history, schedules, and earnings statements.

2.7 Usage & Technical Data

  • App usage logs and activity timestamps.
  • Push notification interaction data (via OneSignal).
  • Crash reports and diagnostic information.
  • IP address and approximate location (city-level only).

3. How We Use Your Information

PurposeData Used
Business account creation and authenticationIdentity, contact, credentials
Vendor verification and KYC onboardingBusiness docs, representative ID
Enabling product listings on the marketplaceProduct and inventory data
Processing customer orders and fulfilmentOrder and transaction data
Calculating and processing earnings and payoutsFinancial/payout data
Sending order alerts and notificationsContact, usage data
Ensuring regulatory complianceBusiness and product data
Resolving customer disputes and refund requestsOrder and transaction data
Improving platform performance and reliabilityTechnical and usage data

4. Customer Data You Access

As a merchant on ZivanaCare, you will receive limited customer information (such as delivery name, address, and order details) necessary to fulfil orders. You agree that:

  • Customer data is provided solely for order fulfilment purposes.
  • You must not use customer data for marketing, profiling, or any purpose outside the specific order.
  • You must not share, sell, or export customer data to third parties.
  • You must handle customer data in accordance with applicable data protection laws in your jurisdiction.
  • Misuse of customer data is a violation of this policy and may result in immediate account suspension.

5. Prescription Orders

Where customers submit prescription documents to purchase regulated pharmaceutical products:

  • Prescription images are transmitted securely and are accessible only to the fulfilling licensed pharmacy.
  • KingMind Technologies Ltd does not store prescription content beyond the order lifecycle.
  • You, as the licensed pharmacy or dispensing entity, bear full professional and legal responsibility for verifying prescriptions before dispensing, in compliance with pharmaceutical regulations in your jurisdiction.

6. Legal Basis for Processing (GDPR / UK GDPR)

Processing ActivityLegal Basis
Account registration and verificationContract performance (Art. 6(1)(b))
Business KYC and regulatory verificationLegal obligation (Art. 6(1)(c))
Enabling marketplace listings and order fulfilmentContract performance (Art. 6(1)(b))
Payout processingContract performance (Art. 6(1)(b))
Platform analytics and improvementLegitimate interests (Art. 6(1)(f))
Compliance with legal obligationsLegal obligation (Art. 6(1)(c))

7. HIPAA Notice (United States)

For merchants operating in the United States who handle prescription products or patient-related health information through the platform, ZivanaCare Merchant may function as a Business Associate as defined under HIPAA. We implement appropriate safeguards to protect any Protected Health Information (PHI). A Business Associate Agreement (BAA) is available upon request by contacting privacy@zivanacare.com.

8. PIPEDA Notice (Canada)

For merchants in Canada, we process personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA). You have the right to access, correct, and withdraw consent for the use of your personal information. Contact our Privacy Officer at privacy@zivanacare.com.

9. Data Sharing & Third Parties

We do not sell your personal or business data. We share data only with service providers (Paystack, Stripe, OneSignal, Hetzner, Cloudinary) to run the services, visible marketplace public elements to buyers, and regulatory or legal authorities as mandated by law.

10. International Data Transfers

Your data is stored and processed on servers located in the European Union (Hetzner, Germany). Cross-border transfers are protected by Standard Contractual Clauses (SCCs), UK IDTAs, PIPEDA, and the NDPA 2023.

11. Data Retention

  • Account and profile data: Duration of active account + 2 years.
  • Product and inventory records: Duration of active account + 1 year.
  • Order and transaction records: 7 years (tax and regulatory compliance).
  • KYC and verification documents: 5 years post-account closure.
  • Technical and usage logs: 12 months.

12. Data Security

Passwords are hashed using bcrypt. All data in transit is encrypted via TLS/HTTPS. Servers are hosted in Hetzner secure private cloud. Access to production systems is strictly limited to authorised KingMindTech personnel.

13. Your Rights

You have the right to access, correct, delete (partial for tax logs), port, object, or withdraw consent. Lodge complaints to the NDPC (Nigeria), ICO (UK), HHS (US), or OPC (Canada). Contact us at privacy@zivanacare.com to exercise these rights.

14. Contact Us

KingMind Technologies Ltd

Port Harcourt, Rivers State, Nigeria

📧 privacy@zivanacare.com

🌐 zivanacare.com/merchant/privacy

Need help? We're here!
Ask about tickets, events, payouts, and more. Click to chat.